Meet our friend, two-factor authentication.
Your website is minding its own business, right? Hanging out, doing its thing, and trying to spread information and awareness about your cause. Noble!
Yet these days, websites also need to do more … they need to keep themselves secure.
Because what if people went to your website — only they ended up at a site promoting pharmaceuticals? Or what if someone else gained control of your Facebook account, and started posting things you didn’t like about politics.
These are hacks that happen regularly. And the amount of time people and organizations have to spend resolving a hack is far longer and more tedious than taking a simple security step that could’ve prevented the hack in the first place.
Meet two-factor authentication! A welcome addition to online security that we want you to start implementing right now. But first, we’ll tell you what, why and how.
What is two-factor authentication?
Have you ever logged in to pay a bill, and then received a code via email to complete your login?
Has the account you’re logging into ever required a code from an authenticator app?
These are examples of two-factor authentication (also called 2-step verification, multi-factor authentication or 2FA). It makes you authenticate your identity in order to assure that IT’S YOU — and it’s a powerful way of keeping your account secure.
But it’s an extra step!? Tiny extra step = completely worth it.
Yes, it takes an extra step, and might even feel frustrating at first — but if you’ve ever been hacked, you know how truly frustrating it can be to fix breached security.
There are three types of two-factor authentication:
SMS text / email your code: If you’ve logged into a bank recently, you’ve probably seen this kind of two-factor authentication. It’s where when you attempt to log in, the website says, “We sent a code to your email” — and then you have to retrieve the code and enter it to complete your login. (Many financial institutions use this method.)
Click on a link: This is similar to the approach above, except that the website will send you a link that you have to click on to complete your login. (Emma email marketing currently uses this approach.)
Authenticator app: If you turn on two-factor authentication in Facebook, for example, it’s going to tell you you need an authentication app. It gives you a list of apps that work; we like Sophos Authenticator (Available for Apple/Andriod) or Google Authenticator. Then, Facebook provides you a QR code, and you scan the code through your authenticator app. Now, every time you log into Facebook, it will prompt you for a code, which is generated inside the app. It has a time limit, and if you miss the time frame, a new code will be provided.
Where is two-factor authentication heading?
Each user utilizing their own authentication app is becoming the predominant way to authenticate. A lot of platforms are headed in this direction! The reason? For the companies, it requires less oversight (they don’t have to manage it), and for you, it’s more secure because it’s on your phone.
Yes, using an authentication app is an additional step, but you get used to it quickly, and the security is well worth it. (Also, we find you don’t need to use it every time you open an app or website, as long as you haven’t logged out from your previous session.)
It’s also quite convenient as your primary mode of authentication. Within your Google Authenticator app, you will see codes for all the apps you have it turned on for — all in one place.
Where and how to start using two-factor authentication…
Everywhere! Yes, everywhere you log into, everywhere it’s available as an option — from workplace to personal: Your WordPress or Square website, email marketing platforms, and social media platforms. The option to turn on two-factor authentication will be available in your settings on many platforms. Google Authenticator can be downloaded at Google Play or Apple.
At Boomerang Marketing, we are encouraging clients to add a plugin to their WordPress sites to enable two-factor authentication. We are also happy to advise you on security if your site is built elsewhere.
Takeaway: Two-factor takes two seconds — and it’s well worth it!
Using two-factor authentication will save you time and headaches in the future. Plus, there’s a feel-good factor that comes from knowing you’ve taken protective measures for your security.
Not sure where or how to implement two-factor authentication? Schedule an intro call.