Two-factor Authentication: What You Must Know
I guess you already use it in your everyday life. But in the technical world it is not widespread yet. With this post, I would like to emphasize the importance of authentication and convince you to secure your accounts with the two-factor authentication. Especially, if your crypto currencies are affected!
What is the Two-factor Authentication?
The two-factor Authentication (abbrev. 2FA) is an additional level of security for your authentication. Usually, you just need a password to authenticate yourself on a website. This is kind of a one-factor authentication. However, as soon as there is a hacker attack, your credentials can be stolen and someone else can authenticate as yourself. With 2FA you can add an additional barrier. This will make the account more secure. Having 2FA does not define the type of your additional authentication. You have three options for that:
- Something you know: A passwort, PIN, …
- Something you have: A smartphone, chip card, USB stick, …
- Something you are: Finger scan, eye scanner, voice, …
With two-factor authentication, you activate two out of the three options. The most common case is the activation of something you know and something you have. The authentication with something you are, so a biometric authentication is in my eyes still in development and is quite often faulty. Maybe you even had own bad experience with a mobile finger scanner – at least my mobile accepts everyone’s finger! Or on my laptop, I can use my thumb as well as my ring finger. I do not really trust that.
How to Activate Two-factor Authentication?
The 2FA must be activated for every service individually. If you want to use your smartphone as second authentication factor, you can jump right into it and go on.
Let’s assume you want to activate 2FA on the exchange Poloniex. First, you click on the wrench in the upper right and then “two-factor authentication”. It will lead you to a screen where you can activate 2FA. On the left side you need to verify your current account data again and additionally enter a code. On the right side you will find a QR code and a 16 character long private key.
Next, you download the Google Authenticator app in the Google Play Store or from the iTunes Store. Once installed, you can start it and log into your Google account. The app is just needed in order to create a second code on your device. Once logged in, click on the lower right on the + symbol and scan the bar code you can see on the website. Instantly, you will see a new entry in a list with a six digit number and a small text hint. In my case it says: email@example.com@poloniex.com.
Hint: It is very important to save the 16 character long private key somewhere safe. In case you will loose your smartphone it is the only option to recover your access!
As soon as you have the entry in the Google Authenticator, you can enter the current six digit like 235 828 number in the code field in Poloniex. Then click the “Enable 2FA” button and you account is instantly better secured!
When you log in the next time to Poloniex, you will be welcomed with a field to enter your 2FA code. Attention though, the code will always change every few seconds. So, it will not be the same code you had while activating the 2FA 🙂
Finally more secure!
With 2FA you should be able to sleep way more calmly than before, since you know that no one has access to your smartphone. Without that, no one can access your account. Finally, your money is better protected than before.
The issue with only a password is obvious: Once the password is revealed/hacked/leaked your money is just waiting to be withdrawn by the attacker! So, please secure your account with 2FA!