We imagine no 9to5Mac reader needs to be told to use two-factor authentication (2FA) security wherever possible, but how do you know which websites support it … ?
If you need to convince non-techy friends to use two-factor authentication, you can point them to this quick guide – and the link to a directory of all the websites which support it.
The problem
Website breaches happen all the time, which gives the attacker a list of usernames and passwords. Knowing how many people use the same logins for multiple websites (please don’t do that), the first thing they do is try the same credentials on a whole bunch of popular sites.
But even if you use unique passwords for each site, a hacker who gains access to your account on sensitive sites could cause you a lot of trouble. Think Apple ID, LinkedIn, Google, and so on. Both your privacy and your cash could be at risk.
The solution: Use two-factor authentication
Two-factor authentication is sometimes referred to as “something you have, and something you know.” Think of using an ATM – your bank card is something you have, and your PIN is something you know.
For online services, your password is the “something you know.” The “something you have” may be a specific piece of hardware; for example, some banks issue hardware devices to generate codes. But more usually, it’s your phone.
How 2FA works with your smartphone
Whenever you login to a website for the first time on a new phone, you’ll use your username and password as usual – but it will then ask you for a one-time code to complete that login. You might also see this code referred to as a software token.
One option usually offered is to text the code to you. Ideally, you shouldn’t use this method, as it is vulnerable to what are known as SIM-swap attacks – where a hacker poses as you to persuade your carrier to issue a new SIM, and send it to them. All your texts – including 2FA codes – then go to them instead of you.
A better option, when offered, is to use an authentication app. The iPhone has this capability built-in. Alternatively, you can use a third-party app like Google Authenticator. Either way, when you tell a website you want to use 2FA, it will display a QR code. You point your phone’s camera at the code, and that sets it up for you.
Once it’s set up, you usually get the option to remember your device – then you can skip the code next time, as the website can see you are using a phone which belongs to you.
Where can you use two-factor authentication?
A lot of websites offer 2FA these days. To check whether your important sites do, search for it in this directory.
Alternatively, if you need help identifying websites where you might want to use it, you can browse by category to see all the sites which offer it.
FTC: We use income earning auto affiliate links. More.
Comments