Here’s what you should use
Major data breaches that potentially expose your data to criminals have become a daily occurrence. The easiest way to protect yourself, even if your passwords are known, is with two-factor authentication – but not all multi-factor authentication methods are created equal.
Top 3 MFA Methods
Just because MFA provides an extra layer of security doesn’t mean cybercriminals can’t bypass MFA and gain access to your data. That being said, if you use one of these methods, the chances of them being able to crack the code are slim.
Physical security key
Imagine being able to access your computer like you would open your home – with a key. A physical security key is a tangible key that allows you to access your computer when inserted into a USB port. However, the main disadvantage of using a physical security key is that accessing your device becomes quite a complicated process if you lose it.
It is worth noting that there are two types of security keys: Bluetooth and USB. While both are incredibly secure, a physical Bluetooth-enabled security key can be vulnerable to man-in-the-middle attacks in which a password sent over Bluetooth is stolen. Such an attack is not possible when using a security key with USB.
Biometric authentication
What if instead of carrying the key in your pocket, you are the key? Biometric authentication means using a part of your body for authentication. Popular biometric methods include using a person’s face, fingerprint, voice, handwriting, and vein patterns.
Biometric authentication has become popular in recent years since Apple introduced Touch ID in 2013 (Android devices also received fingerprint biometrics in 2014, with Android 4.4). Many have started using biometrics to provide authentication because it is easy to use and incredibly secure. Unlike a physical key, which can be lost or stolen, chances are you won’t forget your finger at a restaurant anytime soon.
One-time password (Authenticator app)
One-time passwords (OTPs) are unique codes that must be used within a certain time frame before they expire. There are different ways to receive OTPs, but the most secure is through an authenticator app like Google Authenticator.
With Google Authenticator, you have up to 60 seconds to enter your one-time password before a new one is generated. Not all OTP methods are equally secure. As we’ll see later, one-time passwords sent via SMS and email aren’t nearly as secure.
Other MFA methods
Using any MFA method is better than using none. That being said, certain methods are better than others. Here are the best of the rest.
Push notification
Along with notifying you that you have received a new IG message or promotional offer, push notifications can also be used for security purposes. Once activated, push notifications will be sent through the app of your choice and must be approved or declined. The nice thing about push notifications is that they don’t require you to enter characters in the same way that an authentication app might, for example.
Push notifications are user-friendly, offer strong security and are fast. The main weakness is that if your device is lost or stolen, a thief only needs access to your unlocked phone to approve a push notification and authenticate.
Phone call
Let’s say you’re signing in to your bank account and you’ve enabled 2FA through a phone call. Once you have entered the correct username and password, you will receive a phone call at the number provided and a second password will be provided to you. This method is safe enough if you have access to the phone, but the phone can easily be stolen or lost. Not to mention that most phone calls are not encrypted. If a skilled hacker is targeting you, they can listen to your calls. Because the second password is delivered unencrypted, they can easily steal it and gain access to your account.
One-time password (SMS or email)
OTPs sent via SMS or email are not dangerous; however, they are one of the least secure ways to authenticate a user. SMS and email OTPs are appealing because they are simple and easy to implement. Less tech-savvy users may not want to set up an authentication app, know how to (or want to) enable biometric authentication, or even know what a physical security key is.
The problem is that SMS and even email can be compromised. 2FA is of little use if the second password is sent to a cybercriminal. SMS messages can also be sent unencrypted and intercepted.
Security questions
We’ve all filled out security questions at some point. Common security questions ask what your mother’s maiden name is, your pet’s name, and where you were born. The problem with these questions is that this information can probably be found out by anyone looking at your Facebook account. Another big problem is that these answers can be forgotten. Passwords and usernames are usually written down, either in a password manager or elsewhere; however, answers to security questions usually are not. If you forget the answer, cybercriminals won’t be able to access your account, and neither will you.
There are many multi-factor authentication methods to choose from. Now that you know which ones are the most secure, you can make more informed decisions about how best to protect your data. Regardless of the method you choose, remember that any 2FA is better than none.