There are a variety of methods for ensuring that your digital presence is traceable and secure—from using factor authentication to using two-factor authentication.
But which one is right for your business? And should you even be using two-factor authentication at all?
Let’s explore the different types of two-factor authentication, what they offer, and whether or not it is worth adding to your security plan.
1. OTP (One Time Password) authentication: The simplest type of two-factor authentication
OTP (One Time Password) authentication is the most common type of two-factor authentication. As with many technologies, the adoption and popularity of a new authentication method may be determined by ease of use.
This can make OTP authentication a popular choice for first-time users because it is quick, convenient, and requires very little training. OTP authentication requires you to create a custom password policy, remember only one password, and require frequent password resets.
Most OTP providers will remind you to change your password frequently and to use different passwords for different services. In addition, you can set a timer to remind you to log into your account within an hour. If you forget your password, you can use an OTP to log into your account and access your content.
2. Google Authenticator: Uses your phone’s built-in authenticator service to generate an OTP
Google Authenticator is a mobile app that uses your phone’s built-in authenticator service to generate an OTP (One Time Password). A few key features set Google Authenticator apart from the other authentication options we have discussed:
- You can create an account with Google Authenticator and enable two-factor authentication. This means you will need to set up an account with Google, enable two-factor authentication, and enable Google Authenticator.
- You can also purchase Google Authenticator for the web, iPhone desktop app, and Android apps. This can be a bit pricey, but it does provide an excellent protection solution for organizations with multiple locations and employees who may not all use the same credentials.
3. SMS two-factor authentication: Adds a second factor via an SMS message
SMS (Short Message Service) authentication is not normally the first thing that comes to mind for two-factor authentication. However, SMS authentication is one of the most effective types of two-factor authentication available. Why?
Because it requires very little setup and can be used by anyone. You can set up an account with an authenticator service like Google Authenticator, or with a professional service such as Yubico.
When you receive an SMS message with a code, reply to the sender and copy the number that appears in the message. Now you have the codes for both your Google Authenticator and your YubiKey.
4. Yubico 2FA: Using a third-party app that is secured with your YubiKey or another key
You can secure your apps with your YubiKey, but what about when you are not using it? This is where Yubico 2FA comes into play.
When you purchase a Yubico 2FA device, such as the YubiKey Key, you get a security token that can be used as both a key and a code. You can easily switch between the two devices with a single screen tap.
With a Yubico 2FA device, you will only know you are using another device if you want to switch between them. This is one of the best-kept security secrets in the business—not many people know about this feature.
You can use it with any app that needs a special key, such as a shopping app that requires access to specific items in your cart before you pay.
5. Email Authentication: Is Sending an Email Enough?
One of the questions clients ask most often is “How do I protect my emails?” The short answer is that you should be using two-factor authentication for everything that you share an account with. This includes your email account, username, and password.
Do not simply log into your email account using your password. This is a huge security risk and can be easily cracked by hackers. If you are unsure if you need two-factor authentication for your account, the best option is to ask.
If you receive a message from someone asking for your login credentials or an offer of a trade, log into your account first to ensure that you are not being tricked. If you are unsure, look for a tech-savvy friend who can vouch for you.
6. Google Authenticator with Device Access: Requiring access to your device for the OTP code
One of the most effective ways to protect your account is to require access to your device for the codes that validate the authentication. This can be done by using a sync service, like Dropbox, that automatically uploads the codes to your device.
There are many different sync services that can be used to store the codes on your device. There are no restrictions on how long these codes can be stored, so long as you still have access to the device. When you have to log in with a new password, paste the codes into the app you used to store the codes, and then use the app to log in.
Another way to ensure that you are always using the most secure technique is to set a timer that requires you to log in with a new password within an hour. If you forget your password, you can use any available code to log into your account, see what you have access to, and access your content.
A two-factor authentication token ensures that no one can access your account without it, regardless of the service. There are several types of two-factor authentication tokens available for different services.
Regardless of which 2FA method you choose to use, remember to keep your backup codes in a safe place so that you won’t lose access to your account. In the event that you lose or fail to receive your phone’s authentication code, you can access your account by using these backup codes.