Two Factor Authentication (2FA)

By | Oct 11, 2017
Google Authenticator Image

If you’ve not yet got your head around 2FA (Two Factor Authentication), then it’s time you did!

Basically, it is a system whereby, after logging into a website, you have to enter a 2FA code. The best code generator available that I know of is Google Authenticator, and it works on smartphones and tablets. You can download it from Google Play or the App Store on iOS.

The app is intuitive to use, so first download the app to have it immediately available. It always runs in the background unless you deliberately close it. Don’t do that! Once you start doing 2FA, you’ll need the app running all the time.

How to Use it

It’s simple really. When you go to a website that has 2FA ability, you’ll see a message saying Enable Two Factor Authentication? Click ‘Yes’, and you will be presented with a screen that has a barcode. You click the + symbol on your Authenticator App, and it switches on your phone camera. Centre the barcode on the square in the middle of your screen, and you’ll immediately have the 2FA enabled for that website. You can then log out of the site, and when you log back in, after you enter your username and password, a box will appear in which to enter your six-digit Authenticator code. An example of the randomly changing codes is above. Be fast, the codes change fast.

The code is generated using a random factor taken from your phone, plus a randomisation algorithm supplied by Google, so no two people can possibly have the same authentication number. Even if someone was looking over your shoulder and snapped a photo of your codes, they’d be out of date in seconds, and unusable.

Risk

The only possible risk is that you have lost an unlocked phone where you’ve been stupid enough to store usernames and passwords. If you store them on your phone, you deserve to lose them. Instead of doing that, use a hardware wallet like the Trezor to store those details offline. That way, even if someone stole both your phone and your Trezor, there is no way they could get into your accounts, unless you’ve also been stupid enough to store your Trezor key on your phone. Again, don’t do that!

A couple of other things not to do…

Don’t use a website/platform/exchange that does not have two factor authentication enabled, when it comes to any cryptocurrency dealings. And don’t use one that uses a text message as your 2FA. Neither is safe. Oh, and never deal with an exchange that has not got HTTPS enabled. Plus, carefully check up on any website you consider using. Spoof websites are up there using very similar names, and they might even have 2FA enabled, so check the spelling before putting in your username and password. Although your 2FA changes so fast that you actually have to be fast to put it in before the code changes, software is faster than any human and can immediately make the connection with the real website, put in the details you just entered, and gain access to the account you were trying to access. Just a warning, but be careful about web addresses! People have mysteriously lost their coins before now and that is one possible route.

Trezor screenshot from Trezor.io. A highly secure method of two factor authentication.

For your Trezor device, or any hardware wallet, use a number that only you could possibly know. Don’t use your ID number, your Social Security number, Insurance number, car registration number, date of birth, or any other number that has any association with you. Perhaps combine an important date in history, but not an obvious one like 9/11, with the date of someone’s significant birthday. Important enough to you, that combination, but nobody else could ever guess it. Then memorise it until you could never, ever, forget it, and then shred or burn it, or tear it up and flush it down your toilet.

But remember this, and remember it well. If you forget the number, or get Alzheimer’s, or have a stroke, there will be no way for anyone to recover your accounts, so your cryptocurrencies will be lost forever.

With that in mind, consider who you would trust to keep your number safe, and share it only with that person, after stressing the importance of everything involved!