Tech specialists have been saying for a long time that 2-step verification is a must for everyone, and one of the most important things anyone can do to keep data and accounts safe. But adding an extra step still seemed like a big, unnecessary hassle for many of us, especially when it came to accessing accounts and platforms we use every day. Google took the choice out of the equation in 2021, enabling 2-step verification automatically for Google accounts. And it’s working.
What is 2-step verification?
Also called multi-factor authentication (MFA), 2SV or 2FA, 2-step verification requires you to supply one extra piece of data to log in to an account or take significant actions like resetting a password or making a payment to a new account. There are loads of different types of 2-step verification, but the basic principle is the same – you need to be able to supply two separate pieces of identification in order to access something or make significant changes. This can take the form of a physical card, password, random code, time-limited code, fingerprint, or facial scan.
According to Google, implementing 2-step verification resulted in a massive 50% decrease in accounts being compromised compared to accounts that did not have it enabled. The company has automatically enabled 2SV for over 150 million people and has started requiring 2 million YouTube creators to implement 2-step verification as well.
This is critically important because Google accounts are often used to access additional accounts – for example, many people use their Google accounts to store password chains for banking, work accounts, and platforms full of personal and financial information. Just take a second to think about what someone would have access to if they hacked your Gmail account, and you’ll see what we’re talking about!
How does 2-step authentication work?
2-step verification can be applied differently by different vendors and applications, but the basic process is the same.
- You are prompted to log in by the application or the website.
- You enter the authentication factor that you know (username and password). The server checks this against what it has on record.
- You are then prompted to initiate the second login step. This will be something unique that only you will have, such as a fingerprint or facial scan, security token, an ID card, a smartphone or other mobile device.
- After providing both factors, you are authenticated and allowed to access the application or website.
A good example of this is when you withdraw money from an ATM – you need to use your bank card (step 1) and your PIN (step 2). It’s easy for someone to steal your bank card, but adding the PIN makes using it more difficult.
Digitally, this type of verification is becoming much more commonplace too. For example, when you add a beneficiary to your online banking, the bank will send you a text to your mobile or an email to your email account with a code you have to enter. This means that if someone else is using your password to access your online account, they can’t steal your funds without having access to your mobile or your email as well.
This is made more secure by additional verification on separate devices, adding extra layers of protection. For example, if you use an iPhone for work and your work account password is hacked, you are protected by the code the hacker needs that is sent to your iPhone – and even if they had your iPhone, access to the code sent to the phone would be denied if you have biometric and password security enabled.
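The login steps listed above, seen from the server's side, as an added example that is not code from the original article. It assumes the second factor is a time-limited code from an authenticator app (TOTP, RFC 6238); the account, password, salt and shared secret are constructed for illustration.

```python
import hashlib, hmac, struct

STEP = 30  # seconds each time-limited code stays valid

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def totp(secret: bytes, at: float, digits: int = 6) -> str:
    """RFC 6238 time-limited code (HMAC-SHA1) for the time step containing `at`."""
    mac = hmac.new(secret, struct.pack(">Q", int(at) // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, as defined in RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

# Constructed sample account; a real service keeps these in its user store.
_SALT = b"constructed-salt"
USERS = {"alice": {"salt": _SALT,
                   "pw_hash": hash_password("correct horse", _SALT),
                   "totp_secret": b"constructed-shared-secret"}}

def login(user, password, code, now, used, users=USERS):
    """Return (authenticated, reason). The reason is for server logs, not the client.

    `used` is a set of (user, time step) pairs that have already logged in.
    """
    rec = users.get(user)
    # Step 1: something you know. Hash even for unknown users to keep timing even.
    candidate = hash_password(password, rec["salt"] if rec else b"\0" * 16)
    if rec is None or not hmac.compare_digest(candidate, rec["pw_hash"]):
        return False, "password"
    # Step 2: something you have. Accept the current and previous step (clock drift).
    for t in (now, now - STEP):
        expected = totp(rec["totp_secret"], t).encode()
        if hmac.compare_digest(expected, code.encode()):
            counter = (user, int(t) // STEP)
            if counter in used:  # each code works once, so a captured code is useless
                return False, "replayed code"
            used.add(counter)
            return True, "ok"
    return False, "second factor"
```

A stolen password alone stops at step 1's success and step 2's failure, and a code that was observed in transit fails once its time step has passed or it has already been used.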
At Otto IT in Melbourne, our focus is on providing cost-effective, state-of-the-art IT security services and solutions, from IT support and cloud solutions to network security and disaster recovery. We can also train your staff to become more cyber security-aware, protecting business and personal information from malicious hackers. Contact us and find out how we can help prevent your business from becoming a victim of cybercrime.