Two-Factor Authentication: How It Works and Why You Should Use It

It’s getting increasingly risky to use online services. You store a lot of your personal data in the cloud, and your credit cards are linked to accounts on retail websites. Hackers would love to get at your data, to empty your bank account, or to access your email account, using it for spam and phishing. And if someone can pretend they are you — steal your identity — they can cause innumerable problems to you and your finances.

We also hear of an increasing number of data breaches, where major websites, stores, or services have entire databases of user names and passwords hacked. These databases are then traded on the hacker underground, allowing anyone willing to pay a few cents per name to access your accounts. And in some cases, they’re passed around for free.

More and more websites and services are using two-step or two-factor authentication to provide an additional layer of security. This security technique verifies your identity when you log into a website by requiring you to both know something and have something. The thing you need to know is a user name and a password or a PIN; the thing you need to have is, these days, a mobile phone, but it could also be a USB dongle or other device that can generate one-time codes.

Read the rest of the article on The Mac Security Blog.

8 thoughts on “Two-Factor Authentication: How It Works and Why You Should Use It”

  1. How does 2FA work if you, or when you, travel abroad for work (or pleasure), and may have a different phone number?
    Would a USB stick method be required?
    What happens if you lose that stick?

    • It depends on the service. You could simply change the phone number temporarily for most of them, I think. It would be a hassle, if you use multiple services with 2FA, though.

      Another option is to use an authentication app, such as Authy, but not all services support that.

  2. Good article. Two comments.

    1. I was a bit surprised at your comment that “most major banks” use 2FA. I have accounts at two of the three largest banks in the USA. Neither offers 2FA. I hope they will adopt it soon.

    2. I use the Mail client on my Mac. Within Mail, I have configured several iCloud, Google and Outlook accounts. When I turned 2FA on for Google and Outlook, I then had to create app-specific passwords in order for those email accounts to function properly within Mail. I kind of understand why this is necessary, but I view it as a poor design. Remembering where I used “real” passwords and app-specific passwords is a tedious chore when one periodically changes one’s passwords.

    Again, good article!

    • I’m surprised more banks in the US don’t use 2FA. But when you think about it, they still don’t use chip-and-PIN bank cards either. I guess they don’t mind the fraud.

      As for the second point, I agree. I don’t like app-specific passwords. They’re confusing.
