Date: 2020-10-05
Over a month ago, Tonya wrote to me asking about “Dual Authentication” and if she should use it or not. After checking, I found out that I wrote about it about eight years ago. I also reread it and discovered how things have changed. So today, we revisit dual authentication, multifactor authentication, dual-factor authentication, two-step verification, two-step authentication, my favorite term two-factor authentication (usually abbreviated as 2FA), and probably many more. However, they all indicate the same thing — security.
First, what do they mean? They mean better, additional security. You have a username and password that were and still are the standard security for most people. But if someone gets both, they are into your account, site, or whatever you may be securing. With 2FA, you provide a third piece of secure verification on top of those two.
For instance, if you set up 2FA on Google, your phone will get a popup asking if it is you logging into your account. You click “Yes” to open your Google account on your computer and “No” if you know nothing about it. The site providing 2FA could send you a one-time password to use at that time to verify it is you, or you can get one of many free apps called authenticators that have six-digit passcodes for you to enter as your second verification. Some higher-level security may even require a fingerprint, facial scan, or some other biometrics to prove it is you.
Many banks use 2FA when you log into your bank account. Mine asks me to enter my username, password and then asks if I want to receive 2FA by my email, text, or even a phone call from a computer, which gives me a passcode to enter.
So, I thought I would test out 2FA after I wrote back to Tonya with the basics. For me, the top apps you can use on your phone to receive authentication were well spelled out in this article, ghtech.site/2fa by Gizmodo. I have used all five that they recommend and they are equally effective. I chose Google Authenticator for my testing this time. One of them, LastPass, you will hear more about here in the future but in another slightly different role.
I set up Amazon, Dropbox, Facebook, Google, Microsoft, PayPal, and several others you would not recognize. I even set it up on GrayHaired.Tech. So, if you wish to secure your log-in on my site you now may.
Here is what I found, which I still agree with from eight years ago. I set up 10 to 12 sites that I use all the time. Several times a day. And it drove me nuts. Simple as that. Every time I opened a browser to log into some of them, I had to pull out my phone, open Google Authenticator, scroll down to the correct site, remember the six-digit code (something like 833 492, I read they put a space between the digits to help you memorize), and finally type it in the app on my computer. Occasionally, I would forget the last three digits, go back and check it again. Did I mention the passcodes for all of the sites change every 60 seconds? So, if I went back after the recycle of numbers to get the last three again, I would have to reenter a new six digits. Most sites have a checkbox that says something like “Trust this browser and do not reverify”, but it usually did not work for me.
It is a very good way to provide extra security, but I think I will stick with long passwords except for financial sites I visit like the bank.
Have you tried any 2FA yet and if so, what are your thoughts?
