Why do I need to enable two-factor authentication?

If you regularly make purchases on the Internet, it is likely that your bank has activated the following system: before validating a payment, a code is sent by SMS on your phone mobile. You must enter this code online so that the payment can take place.

This system – thetwo-factor authentication or 2FA (2 Factors Authentication) is what has been found simpler to date to resolve the insufficiency of the system of Passwords.

Password protection has lived

It all started with an observation: the password system has lived. It has too many weaknesses to offer absolute security.

• First, a large number of users use expressions that hackers can easily “crack”. Every year, Splashdata publishes the list of the 25 most used passwords. It might be hard to believe it but the reality is there, the No. 1 of the lot is: “123456”. Number 2 is barely more complex: “123456789”. And # 3 is “QWERTY,” which is the first six letters of an American keyboard.
• It is also common for users to use combinations that are easy to guess. Example: Claude Dubois, born January 24, 1984, will have the password: “CD240184”.
• Even though the password would be more complex, hackers have developed a large number of techniques to get a user to reveal his password in spite of himself. One of these methods is the phishing, or a site which faithfully reproduces the interface of a site known as Amazon.
• Another method is to place on thecomputer of a user a keylogger, that is, a program that records what it types on its keyboard.
• It is common for databases to be hacked and for hackers to gain access to the passwords of a large number of users. In September 2018, Facebook was forced to reveal that a security breach had compromised 50 million accounts, including 200,000 in France.

The need for alternatives to passwords

To remedy the weaknesses of the password system, many systems have been devised.

• If you have an iPhone, you know that Apple has opted for a biometric identification (the recognition of attributes physical) as the sesame of your device. First of all the fingerprints, more recently, facial identification.
• From applications such as Dashlane, 1Password, KeePass or LastPass create ultra-complex and different passwords for each site visited, and provide them on their own on each visit.
• Protection systems involving a key Usb were developed, such as the Yubikey by Yubico. In the sector of cryptocurrency, the French company Ledger offers a key of this type, which stores all access to wallets (wallets) and exchanges (market places).
• Companies such as Google Where Microsoft are working, in partnership with companies such as Visa or Mastercard, on a universal alternative that would be used on the Web.

However, two-factor authentication is the simplest system. It was put in place by a large number of Web players, in particular banks and for good reason: the second European Directive on payment services, in force since January 13, 2018 – and aimed at strengthening the security of payments by line – advocates the use of this two-factor authentication by payment service providers.

On sites such as Facebook, Twitter, Amazon, it is up to the user to take the step of activating two-factor authentication – it is not offered by default. Be aware that sometimes this system is called “two-step verification”.

How does it work ?

Two-factor authentication (2FA) works like this. If an intruder tries to gain access to your wallet cryptocurrency, to your Cloud, to your Twitter or Amazon account from an unusual device, a security code is sent in the form of an SMS or even to an e-mail address, sometimes also on an authenticator application. It is necessary to type in this code before you can proceed.

So even then, even if you would use a password little solid, it will be impossible for a hacker to enter your account or carry out financial transactions.

In addition, receiving a code requesting access to your Facebook or Amazon may alert you that someone has “cracked” your password, which alerts you to the need to change it immediately.

The need for 2FA is even more important if you are managing a cryptocurrency account. Many exchanges – this is particularly the case of Binance or Coinbase – require this authentication before authorizing a transfer of crypto-assets to an external address. In addition, on a site such as Binance, you can also protect access to your account by scanning a barcode from the corresponding mobile application.

Authentication applications

In order to protect their users against any risk of scams, a large number of cryptocurrency-related applications may require enhanced verification. For example, on Binance, it is possible to require a higher level authentication:

• sending an SMS to a mobile phone;
• validation via an authentication application that must be launched on his mobile such as Google Authenticator.

Result: it is necessary to type two codes to authorize a transaction. Whenever such an option is offered, it must be activated. It would be too bad to see a wallet emptied of its assets following an intrusion.

To choose, it is better to adopt a validation via an app like Google Authenticator than sending an SMS. An SMS message could be intercepted by a zealous hacker, while an authenticator app enjoys a higher level of security. However, the ideal is to activate both.

Also sometimes the Google Authentication app will just ask you to hit the “Yes” key in response to a question such as: “Are you trying to sign in?” “. The validation is therefore fast, but efficient. In particular, Google may request this verification each time you connect to Gmail, Google Sheets, or other home app from an unusual device. In fact, Google considers this protection so important that since November 2021, this publisher has decided to impose it on two million account owners. Youtube and intends to extend it to various Google accounts.

We can only advise to take advantage of these various authentication systems. It doesn’t matter if you waste a little time providing these sesame seeds each time. The security of your accounts is at stake. Those who have had their Facebook hacked can easily testify to the nuisances that they thus suffered.