Two-Factor Authentication - This is how you secure your accounts

Martin Gschwentner

A few letters, one or two digits and a symbol here or there – if at all. That's what your virtual bodyguard looks like. They're the treasure map to your hidden riches, the lock to your diary. Password: How many have you typed in today?

You're always logged in somewhere. Laziness makes us easy-to-remember password or use the same ones over and over again. Who wants to remember a string of jumbled up letters and digits? Who even can?

But this is where the dangers lurk. Once a password is hacked, thieves and hackers have access to the most sensitive of your data. That especially goes for the master password of your password manager.

If you want to make hacking into your account almost impossible, you're going to need two-factor authentication.

Two-factor authentication, or 2FA, gets its name from the second factor that's added to your security. If you want to log into an online account, you'll need something that you know (i.e. a password) and something that you have (i.e. a signature or a smartphone).

Even if your phone lands in the wrongs hands, your online identity is protected by this second step of verification.

How Does Two-Factor Authentication Work?

When 2FA is activated, you log into your online account as you would any other day, using your username the appropriate password. Passwords don't offer much protection, so you need to further verify your identity. Oftentimes, that is done with a PIN that's been sent to a smartphone linked to that account or generated by 2FA app.

The advantages of two-factor authentication are obvious:

Better protection
Your password alone is useless to hackers and data thieves because they also need your smartphone or a printed list of TANs.

You choose the technology
There are many methods to use 2FA and many free apps for common smartphones and tablet. Choose a provider that fits you and your gadget portfolio the best.

An increase in productivity
2FA enables multiple user to access shared databases. Business use that extra flexibility to their advantage.

But that extra layer of protection comes with a few disadvantages as well:

You depend on the factors
There's no guarantee your authentication factors are always available when you need them. If, for example, your smartphone has been damaged or stolen or its battery is dead, you can't use 2FA.

False security
Let's assume you lose the second authentication factor. Now you're in the same situation a hacker who wants to gain access to your account would be in. If you can recover your online identity by means of some form of recovery feature, a skilled data thieve could as well. So stay vigilant, even when you're using 2FA.

Nevertheless, the advantages of using Two-factor authentication outweigh the disadvantages. But not every 2FA method is the same. There are numerous providers, methods and applications. How to set up 2FA varies from application to application.

Hold On – What Exactly Is the Difference between Authentication and Authentification?

It's very common that those two terms are used synonymously – incorrectly so. You might hear about two-factor authentication and two-factor authentification. Basically, those two word describe different parts of the same process. User authenticate themselves with their login data whereupon the system authentificates them.

The following example provides a step-by-step demonstration of you can set up two-factor authentication with one of the most popular password managers.

Example: How to Set Up 2FA with Dashlane

Dashlane is one of the many password managers we presented in our comparison of password managers. Just like many other providers, Dashlane attracts user the option to use 2FA. But like with many other applications, it needs to be activated manually.

Go to the "Extras" submenu or press Ctrl+O to open the app's setting. In the "Security" section, you'll find the option to activate two-factor authentication.

In the pop-up window you can choose whether you want to have 2FA activate for every logging or only if you're logging into Dashlane with a new device. Choosing the former would prevent thieves from gaining access to your account even if they've got your master password and your devices.

With Dashlane, you'll need an authenticator app in order to use 2FA. Alongside knowing your master password, you'll need to have a compatible smartphone or table with the app installed on it.

Download then the right app – for this example, we've used Google Authenticator – and follow the instructions. You can use the key provided by Dashlane or use the app to scan the QR code.

And that's it. Easy as pie. 2FA is now activated on your Dashlane app. Depending on what your settings are, the app is going to check your identity for every login or every new registration with an unknown device, using an authenticator app of your choice.

Other Methods of Verification

Dashlane uses authentication apps but there are other methods to apply two-step authentication:

• TAN/OTP systems (works with printed lists, too)

• Software or hardware token

• biometric characteristics (fingerprint, retina…)

What if I Lose My Device?

2FA is great and all that, as long as you're in possession of both authentication factors. But sometimes, phones get stolen or are lost. No worries, your password manager's got your back if that happens.

Dashlane, for example, creates ten backup codes when you set up two-factor authentication that you can save onto your hard drive.

Each of these combinations is a single-use replacement of the security code the authenticator app generates. If you want to turn off 2FA or switch devices, you'll need one of those codes.

Like we said earlier, there are many ways to use two-factor authentication and every password manager has its own approach. Some provide 2FA functionality to premium users only; a fact that might guide in finding the right app.

In general, 2FA is becoming more and more important to consumers and providers are reacting to the increase in demand by making that as easy as possible for everybody. Read our guide to learn everything you need to know about different available password managers and what they can do.

Author Martin Gschwentner
Martin Gschwentner majored in American Studies and Media Studies in Germany, the USA and France and works as a freelance editor in Paris. He is a doctoral student at the Institute for English and American Studies at the University of Paris Diderot, where he is researching the influence of money on US politics. On he writes about IT security, data protection and software for the self-employed and small businesses.
Other languages:
Deutsch Italiano