Hey everyone! It’s time for another “ask me” post.

If you’re new, welcome! Allow me to explain a bit…

It is my hope that I can help explain things related to cyber and information security (or InfoSec) to non-technical, everyday people.

I don’t want these to be long, lengthy, drawn-out posts. It is my goal to make these short, sweet, and to the point. I hope you enjoy these, and hopefully learn something from them as well. 🙂

With that said…

What is “two-factor authentication”?

Everyone (yes, EVERYONE) should be familiar with passwords by now. You know the drill, you visit a social media/email/streaming/etc. site, you enter in your username and password, and then are allowed to go on your merry way. This is known as single-factor authentication (SFA). Your password is what is used to “authenticate” you, or, to verify you are who you say you are. Your password is “something you know”.

You might have noticed a number of sites you may visit offering to set up receiving a text message (SMS) code for you to type in when logging onto a site. You enter in your username and password, the site sends a code to your phone as a text message, and asks you to enter said code. This is based upon “something you have” (your phone), and is an additional step (a second factor) to authentication.

There tends to be quite a bit of a debate as to how secure SMS codes are.

Are they secure?

Personally, not terribly. Nowadays, it’s not terribly difficult for someone malicious to obtain information about your cell phone, and even intercept text messages and such. HOWEVER, it is MUCH more secure than not having two-factor authentication at all.

If you want to get really nerdy about it, there are other methods of 2FA, such as authenticator apps (an app that gives you a randomly generated code to enter specific to that particular site), or even hardware “tokens” (a physical device that display numbers to type in, or you connect to your computer or hold near your mobile device).

If you aren’t doing it already, please consider using 2FA on your accounts across the interwebs. Everyone needs to do their part to keep secure!

Hope you enjoyed this. Feel free to reach out with any questions, or suggestions for future posts.