Simply put, 2FA – short for two-factor authentication – is an additional way to add security to the apps you use.
Websites, online applications, and other apps usually identify people with usernames and passwords. You use usernames and passwords all over the place: your bank accounts, social media, memberships, online shopping, everywhere. Usernames and passwords are things that you know.
2FA “ups the ante” for identification by also requiring that you have something that identifies you. A special thingy that can’t easily be copied. When your website or online application enforces 2FA, it means that without these two factors (something you know and something you have), the system won’t let you in. Wait. What?
Guarding the Door
Let’s think about this in real-world terms. Think of 2FA as a guard in front of a door. You don’t get in that door unless you provide the guard with three pieces of identification:
- a username
- a password
- a super special handshake
If that guard didn’t need that special handshake, anyone with the right username and password could walk through that door, right? The 2FA guard, however, demands and verifies that extra piece of identification before allowing entry.
So what’s so special about this handshake?
Well, the handshake is different for every person. And it changes every minute. So even if someone sees the handshake now, they can’t use it later because it won’t be the same handshake. Ever.
Great, More Stuff for me to Forget or Lose!?!?
Sometimes 2FA does involve an extra thing you have hanging on your keychain. More recently though, it’s something you’re already carrying: your mobile phone. Some 2FAs send you a text message on your phone with a number that you have to type in. Other types require you to have an app on your phone that works with the thing you’re trying to access. In either case, the thing you have – your phone – presents you with a digital, time-limited code to get you past the guard in front of that door. Examples of these include Google Authenticator, Microsoft Authenticator, or specialized apps including Duo, Authy, and others.
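For the curious, here is how an authenticator app and the guard can agree on a code that keeps changing. This is an added example, not code from any of the apps named above: a small Python version of the standard time-based one-time password scheme (TOTP, RFC 6238). It assumes a 30-second time window, which is that standard's default, and uses the standard's published test key as a constructed sample secret.

```python
import hashlib
import hmac
import struct
import time

# Constructed sample secret (the RFC 6238 test key); a real one is random and per-user.
SAMPLE_SECRET = b"12345678901234567890"


def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """Return the time-based one-time code for `secret` at Unix time `at`."""
    counter = int(at) // step                      # which time window we are in
    msg = struct.pack(">Q", counter)               # 8-byte big-endian counter
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                     # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, code: str, at: float, step: int = 30,
           digits: int = 6, window: int = 1) -> bool:
    """Server-side check: accept the code for the current window, plus
    `window` neighbouring steps to tolerate clock drift."""
    ok = False
    for drift in range(-window, window + 1):
        t = at + drift * step
        if t < 0:                                  # no window before the epoch
            continue
        expected = totp(secret, t, step, digits)
        # Constant-time comparison, no early exit, so timing does not leak a match.
        ok |= hmac.compare_digest(expected, code)
    return ok


if __name__ == "__main__":
    now = time.time()
    code = totp(SAMPLE_SECRET, now)
    print("code now:", code)
    print("accepted now:", verify(SAMPLE_SECRET, code, now))
    print("accepted in 5 minutes:", verify(SAMPLE_SECRET, code, now + 300))
```

The phone and the server each hold the same secret and the same clock, so they compute the same code without the code itself ever being stored; once the window has passed, a code someone glimpsed earlier no longer verifies.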
So Why do I Want 2FA?
2FA is all about helping to keep systems more secure by making it harder for others to pretend they’re you. It’s meant to add roadblocks that make your accounts harder to get into. And things that are hard to get into are less desirable because there are millions of easier targets to hit.
Why should you care? Your bank/credit card/secure app has a super tech team watching your stuff, right? What’s with the guard? It’s because watching things is hard. Especially if there’s lots of things to watch. If you’re only using a username and password, who’s to say that you weren’t just in the coffee shop down the street checking in on things?
The reason you should care is because it helps to keep your private stuff private. It’s one extra measure that ensures that someone else doesn’t log into your account. Even if you’re changing your passwords on a regular basis and using a password manager to do it (you’re doing that, right?), 2FA is your super special handshake that opens that final lock to let you in the door.
Doesn’t 2FA Just Make it Harder for Me?
So, yeah, 2FA adds one more thing for you to do when you log in. But really, using 2FA means that it requires significantly more effort for someone else to get into your 2FA protected account. Not only do they need your username AND password, but now they need access to this 2FA thing.
It’s All About Keeping Your Stuff Secure
2FA isn’t meant to be a perfect solution or to completely solve user identification issues. In the door guard example above, it is absolutely possible that someone could follow in right after you and show those same credentials to the guard.
Instead, it’s meant to add roadblocks that make your accounts harder to get into. And things that are hard to get into are less desirable because there are millions of easier targets to hit.
Having your stuff online is like putting your wallet in a box on the side of the street with a sign that says “Please don’t take this” and hoping people don’t do bad things. If your wallet has to be in a box on the side of the road, at least put a lid with a couple of locks on it to help keep people honest.