Cybersecurity Advent – Day 06

Today’s cybersecurity tip is: enable multifactor authentication (MFA) or two-factor authentication (2FA).

You’re already familiar with authentication, which is proving you are who you say you are. The most popular way to authenticate to a service or system online is using an email address and password. These are considered “something you know.” To make authentication more secure, we need to add another factor … like “something you have” or “something you are.”

“Something you are” would be biometrics (like facial recognition on Android and FaceID on iPhone). “Something you have” would be enabling a limited-time passcode or requiring you to approve a login remotely from your mobile device … often by sending you a limited-time token through text, which you then enter on the site. The idea is that hackers might have your username and password, but they can’t get that limited-time token without having physical access to your mobile device or computer.

Most services these days can enable some sort of 2FA or MFA. I’ll walk you through setting up both a code generator app and 2FA in Twitter. I will use Authy for this example, but there are several other options including Google Authenticator and Microsoft Authenticator.

  1. Install Authy and set up your account using your mobile device number (or log in to your existing account)
  2. Log into Twitter and visit Settings
  3. Under Account -> Security click the button that reads “Setup a code generator app”
  4. On the popup window, you will either copy-and-paste the Secret Key or scan the QR Code with Authy
  5. Authy will generate a six-digit code that is good for 30 seconds; copy that code, paste it into the Security Code box in the Twitter popup, and click “Done” to complete the setup

Now every time you log into Twitter (only on a new device or if you logged out on your existing device) you will be prompted for your email address and password as well as a six-digit code generated by Authy.

Take 30 minutes or so to visit the settings in all your favorite apps to set up 2FA, and you can feel safe in the knowledge that even if your username, email, and/or password are breached, your accounts are still safe.

See you tomorrow!