30DISC – Day 15 – Two Factor Authentication

Two is always better than one!

Today’s challenge – Two Factor Authentication – Direct Link to Guide Page

Many of you will already use, or have used, two-factor authentication (2FA). It’s the technical name for using an additional piece of information to log into an account or complete a transaction on it. Here’s an experiment – try to log into your Facebook account from someone else’s mobile phone. You’re likely to get a message from Facebook saying that you need to prove you are who you say you are, either by receiving an additional password by text message or by clicking a link in an email sent to your registered email account. That’s 2FA – using an additional step beyond just the username and password.

Many banks issue keychain dongles which generate unique numbers which have to be input when you log in or make a transaction over a particular size. The idea of today’s Challenge is to extend that sort of security into as many other accounts as you can.

One of the most convenient and easy-to-implement 2FA systems is receiving text messages on your mobile phone. Whilst this isn’t a perfect system, particularly because mobile numbers can be ported without you knowing about it, it’s much better than just having a username/password combo, and is very convenient for most people, except when they don’t have mobile signal.

YubiKey 4 Series Keys - YubiKey 4C, YubiKey 4, YubiKey 4 Nano

I’ve been using a YubiKey for over a year now and have found it to be a great solution for increased security. I won’t go into the details as it gets very technical very quickly, but essentially a YubiKey is a USB dongle that you have to insert into the computer (or connect via Bluetooth to your phone/tablet) to provide the additional password. If you’ve set your account to be authenticated with the YubiKey, and someone tries to hack your account, they won’t be able to access it because they don’t have your YubiKey.

Support for the YubiKey is growing across websites and other online services as the list of sites that have experienced significant data breaches grows. It’s not universal, however, so you’ll probably still need to use your mobile as well.

As you can see from the image above, YubiKey offers a range of options for their devices. When presented with these choices, Juan, Diana and Priscilla all chose to go with the YubiKey Nano (with Diana getting the new USB Type-C version because her MacBook Pro only supports USB Type-C). That way they can just leave the YubiKey in a USB port and forget about it entirely. That is a problem if they leave their laptops unattended and someone steals their YubiKey, but it’s a huge step up in day-to-day security.

As with the password changes, moving to a 2FA solution is a website-by-website process, but all of the team members seem really on board with this particular Challenge, so we’ll check back in with them again soon to ensure progress.


Written by Geoffrey