TechBytes: What is Two-Factor Authentication (2FA)?

What is two-factor authentication (2FA) and why is it important? 

TechBytes, brining you bite size tips, and how to videos, to improve your tech knowledge.

In this video we discuss what Two Factor Authentication is and why it is important. But Two-Factor Authentication actually goes by many other names;

• 2FA / Two Factor Authentication
• OTP / One-TimePassword
• Multi-Factor Authentication

Almost every website seems to be asking us, or even making us, use 2FA or its variants as part of their login process. Yes, it can be annoying and time consuming, but it’s also an extremely important part of modern online security. 

But what is 2FA and why should I use it? 

What is 2FA / Two-Factor Authentication?

You may have noticed the phrases “Two Factor Authentication”, “2FA”, “multi-factor authentication” or “One Time Passwords” (OTP) when setting up or signing into your online accounts. 

So, what does all that mean? 

Well, a standard user account has two fields for logging in: 

1. An email address or user name.
2. A Password.

Unfortunately, with the large number of accounts people have online, many people reuse their passwords and of course, this is not very secure. 

If just one of your accounts is hacked, or account holder experiences a data breach which exposes your password, that could allow others access to all of your accounts. Effectively, any would-be hacker only needs to find out, or guess, your password to get into your account (since emails are more widely known and used publicly). 

Check out our Techsplained article on Password Security to learn more about how to make your passwords as secure as possible. 

2FA aims to secure you from these potential vulnerabilities by providing a second step of approval in the form of a second single-use (one-time) authorization code unique to you and only you. 

What are the different methods of 2FA?

So. what are the different authentication methods used in two-factor authentication?  

Authentication via SMS 

One of the most popular methods is a text message code, or phone call with an automated voice code.   

Because mobile phone numbers tend to be unique to an individual, sending a 2FA code to your phone via SMS is deemed a secure enough way to confirm you are the account holder. The code you receive will be unique each time you log in and only be valid for a limited time. And remember, you’ll still need to know the password as well. 

Authentication via Authenticator App 

Another way for accounts to establish two-factor authentication is via an Authenticator app. 

This method presents you with a code or QR code when you set it up which you then link to an App on your phone. When you log in to your accounts you will be asked for your Authenticator code which you can find in your authenticator app. 

Authentication via native App 

Some companies, such as banks or some online shopping sites, provide Authentication through their own mobile apps. If you attempt to log in, or access certain services (such as transferring money) on a web browser or different device, your mobile app will be pinged with the 2FA OTP code in order to prove you are the authorized user. 

By using any of these forms of unique code assures that, even if someone has your username and password, without a unique one-time pass code, they cannot log in to your account. 

You may have notice, though, that all these solutions require you to have access to your phone to be able to receive the code. 

But what if you do not have access to your phone or it has no power at that time? 

That’s where password managers can help. 

How can Password Managers help with 2FA?

Password managers allow you to securely store passwords for every one of your online accounts. 

Some password managers, however, such as 1Password or MyGlue, also give you the option of adding in two-factor authentication codes or one-time password authentication codes as well. 

This means that rather than using a phone-only based authenticator app you can log in to your password manager on any device or web browser to see your account passwords & two factor or one-time passwords. OTPs can be accessed from anywhere, across phone, tablet, computer and web browser. 

Just remember to secure your password manager behind a password that you do not use anywhere else.  

And if you want to find out more about Password Managers look out for a future video on them. 

We’ll also be producing more content on this and other tech topics in future, so be sure to subscribe to our socials and subscribe to Techsplained and TechBytes to be the first to know about future content. 

We hope you have found this information useful. Leave us a comment over on our YouTube Channel to let us know what you think or to ask a question.