26.9.2018

Implement two-factor authentication (2FA) right away

Two-factor authentication is an easy way to increase security

Two-factor authentication (2FA) is a technology that, as its name suggests, uses two different authentication methods to verify identity. This significantly increases the level of security, for example when using online services. A username and password alone are no longer secure enough to verify a user's identity, especially as the most common passwords in the world are still "123456" and "password".

It is up to each service which two-factor authentication methods it supports. The most common option is a one-time code sent by email when logging in. When a user enters their username and password to a service from an unfamiliar device, the service also asks them to enter the PIN code sent to their email. Some services use their own phone apps for two-factor authentication. Another example familiar to every Finn is the key code lists used in online banking, which, depending on the bank, require you to enter a PIN every time you log in.

How does 2FA work?

Two-factor authentication, or multi-factor authentication, relies on some method of verifying the user's identity in addition to the username and password. The most common methods are the so-called Time-Based One-Time Password (TOTP) and HMAC-based One-Time Password (HOTP).

TOTP is an algorithm that calculates the authentication code from a secret key shared between the device and the server and the time of day.

HOTP is an algorithm that uses the hash-based message authentication code (HMAC) method to calculate the code.

The most common 2FA application is Google Authenticator, which uses both of the above algorithms to calculate the code.

Enable two-factor authentication everywhere

In business use, authentication is often done with a physical device. An example of this is the YubiKey, which must be read via a USB port or NFC when logging in.

I recommend that you implement two-factor authentication in all services where it is possible. Below is a list of simple instructions on how to deploy 2FA for the most common services.

2FA deployment in different services

Facebook

Facebook supports its own two-step authentication, which works in practice via SMS or the Facebook Mobile app. You can also use Google Authenticator or Duo Mobile if you prefer. Choose the option that's right for you.

Setup:

  1. Log in to Facebook and click on the small triangle in the top right-hand corner.
  2. Click on "Settings".
  3. Click on "Security and login" in the left sidebar.
  4. Scroll down to "Two-factor authentication".
  5. Click on "Use two-factor authentication".
  6. A new page will open where you can configure the 2FA settings. Press "Start".
  7. Select which method you want to use to receive 2FA codes.
  8. If you chose SMS confirmation, enter your phone number in the box and send the confirmation. Then enter the number sequence received by SMS in the 2FA setting box.
  9. If you selected the "Authentication app" option, open the Google Authenticator app and scan the QR code that appears with your camera. Click "Next" and enter the code you see in Google Authenticator in the Facebook settings box.
  10. 2FA is now live!

Google

Google supports several different 2FA methods, but the most common option is to use Google's own 2FA feature on Android phones. With this method, when you sign in to your Google Account, you receive a notification on your Android phone of a new sign-in attempt. If it was you, press "Yes" to log in. As a new feature, Google has also added the ability to sign in using your phone. You just enter your email address and confirmation is done via your phone. Below you can see how to set this up.

Setup:

  1. Go to: https://myaccount.google.com/
  2. Log in to your account and click on the "Security" tab on the left-hand side.
  3. Go to "Sign in with your phone" and click on it to continue. (If you want to use the more traditional 2FA approach, click on "2-step verification" and follow the instructions.)
  4. Click on "Configure". You may need to sign in again at this point.
  5. From the list, select the phone you want to use to sign in. Your phone must have screen lock enabled.
  6. Press "Next" and then open your phone, where a new window will open. Click "Yes".
  7. Finally, press the "Enable" button in the settings screen.

Instagram

Instagram supports Google Authenticator and SMS verification.

Setup:

  1. Open the Instagram app on your phone.
  2. In the bottom left corner, click to open your profile.
  3. In the top right corner, press the line icon, then click on "Settings" at the bottom right.
  4. Go to "Security".
  5. Select "Two-factor authentication".
  6. Press "Start".
  7. Choose the option that's right for you. As an example, we use SMS verification.
  8. Fill in the box with the number sequence you received by SMS and press "Next".
  9. Click "Done" and two-step authentication is turned on in Instagram.

Snapchat

Snapchat supports Google Authenticator, as well as SMS verification.

Setup:

  1. Open the Snapchat app on your phone.
  2. Click on your profile picture in the top left corner.
  3. Press the gear icon in the top right corner.
  4. Click on "Two-step authentication".
  5. Select the method you want to use for two-step authentication.
  6. Open Google Authenticator and scan the QR code if you selected "Authentication app". Finally, enter the code shown in Google Authenticator to confirm that 2FA is enabled.
  7. Enter the code you received by SMS if you selected "SMS verification" for two-step authentication.

Written by Tuomas
Entrepreneur @ Tuonetti