Jean Galea

When and How to Use Two Factor Authentication

Last updated: December 03, 2020 (7 Comments)

Two-factor authentication or 2FA is a way of making your logins more secure, by not only requiring a username and password when signing in, but also a special extra code that can either be received as an SMS or else generated by an app or device.

Most of you will already have used 2FA, perhaps without knowing it, when you log in to your internet banking. Most banks give out a 2FA device or card which stores some codes you are required to enter when logging in. This ensures that if someone guesses or cracks your password, they still won’t be able to log in unless they also manage to steal your physical 2FA device.

I would use 2FA whenever it is possible, but I especially highly suggest using it on websites that contain sensitive information that can be used by a hacker to damage you or steal assets.

Here are a few popular sites to use 2FA on:

  • Social media (Instagram, Facebook, Twitter, etc.)
  • Crypto exchanges (Kraken, Coinbase, etc.)
  • Amazon and other e-commerce sites that you use frequently.
  • Dropbox and similar platforms storing your files.
  • Email accounts (Gmail, etc.)

For a bigger list check out this site.

How to do 2FA

SMS is one of the most popular but least secure ways of doing 2FA, as SIM swap attacks have become popular in recent years. It is highly encouraged to use an app or hardware device for 2FA when possible.

I like the Google Authenticator app and have used it for 2FA purposes. Another popular app is Authy, and it’s probably a better app than Google Authenticator in many ways, including the ability to use it on a desktop as well as being able to set it up on multiple devices.

There are also hardware devices that can be used for 2FA. Probably the most popular one is the YubiKey, while other competitors are Google Titan and Nitrokey.

If you are using the 1Password software, an even easier way to do 2FA is to replace Google Authenticator/Authy/YubiKey with 1Password itself. It has the ability to generate one-time passwords for 2FA purposes. If you wish, you can use both apps at the same time and see which one you like best; they will generate the same number, so they are interchangeable.

Now it must be mentioned that using 1Password is less secure than using a hardware device or even an app like Authy or Google Authenticator. The reason is that if someone gets into possession of one of your devices and manages to enter your 1Password vaults using your main password (by guessing or other means of social hacking), they will not only have access to your usernames and passwords, but also to the 2FA codes. Then again, if you’re using a device for 2FA but you’re storing the backup words on 1Password, as many undoubtedly do, you will still run into this attack vector.

Here’s a website that serves as a guide to setting up 2FA on the most popular platforms and websites.

Filed under: Tech


About Jean Galea

Jean Galea is a dad, amateur padel player, host of the Mastermind.fm podcast, investor and entrepreneur.

Comments

  1. Faiz says

    February 22, 2019 at 5:49 am

    You can add your 2FA codes to 1Password thanks for providing info……

  2. Donnacha MacGloinn says

    February 17, 2018 at 3:19 pm

    Pro Tip: You can add your 2FA codes to 1Password!

    • Jean says

      February 17, 2018 at 3:25 pm

      Yep, indeed that should be part of the workflow.

    • Emerson Farrugia says

      February 18, 2018 at 5:05 pm

      No it shouldn’t, that defeats the purpose of MFA. Anyone who gains access to your 1Password vault now has access to any account within it. You’re back down to one factor.

    • Jean says

      February 18, 2018 at 5:58 pm

      Emerson, we are referring to the app and not the hosted version of 1p here.

    • Emerson Farrugia says

      February 19, 2018 at 10:11 am

      Jean what’s the difference? If you keep passwords and TOTP secrets in the app, anyone with access to your app has access to your accounts, ergo the app becomes the single factor. As compared with somebody getting access to Google Authenticator or Duo on your phone. The OTP values aren’t sufficient without your passwords, so another factor remains necessary.

      Or from 1Password themselves, https://blog.agilebits.com/2015/01/26/totp-for-1password-users/, search for “Second factor”

      • Jean says

        February 19, 2018 at 11:20 am

        Since both 1Password and Authenticator sit on your phone, I don’t see why it’s more secure to use Authenticator. One might argue that most people have 1P on their laptops as well, which increases the surface of attack, but beyond that, they are pretty equal as I see it, unless I’m missing something.
