Tech support: What is two-factor authentication and how to use it

Yahoo Finance Video

Fri, Jun 11, 2021, 5:05 PM

In this article:

Yahoo Finance's Dan Howley discusses what is two-factor authentication and how to use it.

Video Transcript

- Also in this week's tech report, you're talking about how to set up 2-factor authorization. This is a very important issue for a lot of people. If you're late to the game, how do you do it?

- Yeah. 2-factor authentication is kind of an extra layer of security. Now, the reason why we bring it up is because the colonial pipeline attack was actually partly responsible, or part of the reason for it was a lack of 2-factor, or what's sometimes called multifactor authentication. Now, 2-factor authentication, again, it's that second layer of security. So when you sign up for a service, you have your password, you have your username, and then sometimes you'll get a notification asking you if you would like to enable 2-factor authentication.

And really what it is if you do that, you will then have to receive a text message with a one-time use passcode. You would enter that into your account after sign in. And then that would allow you to get into your full account. You sometimes get them in other ways. But really what it is here is another way to confirm you are who you say you are. Your password could be stolen, could be hacked. I was just looking over the 2020 Nord's top passwords. And believe it or not, they are pathetic. We're talking about people using things like 123456, 123456789 for a password. Now, if you have a serious account, your maybe 401(k) is online, your social media accounts, your email accounts, anything along those lines, you should be using 2-factor authentication.

And there's three different versions of it. The first, as I said, is that text message version where you would go to enter your account, use your password, your username, and then you would receive a notification saying we will send you a text to your cell number. Those are good. But they're not perfect because in some instances hackers can actually clone your phone number and receive your text messages just as you would. So in that instance, they would be able to use your username, password, and that one-use time pass code to get into your account. A more safer version, or a safer version rather, is one that uses an authenticator app. Now, those are made by the likes of Microsoft or Google. You may even use one with Duo Mobile for work.

What those do is they generate a one-time use passcode that you would enter in addition to your username and passcode. Those are very safe. But the problem is you always need to have your phone on you. And if you get a new phone, you have to deactivate your 2-factor authentication on your old phone and then reactivate it on your new phone. It's a huge to-do. The third version, though, is one that uses a physical hardware key. This is a literal key FOB that you would put on your keychain. And it'll provide you with a number for that one-time use passcode that you would then enter.

Those are also kind of a pain, though, just because you need that piece of hardware with you at all times. And there are some new versions of 2-factor authentication that take into account facial recognition or fingerprint scanners. And those are probably the easiest ones and the most secure because facial scanning is probably one of the most secure ways to fingerprint yourself, or not really fingerprint yourself, but faceprint yourself when you're trying to protect your online identity.

So how important is it to have these? As I said, it is pretty easy at points for hackers to just use brute force attacks-- excuse me-- to break into your account. And if they're able to do that, or they're able to somehow guess it based on something you may have posted online-- you say you're pet's name, you know, you say it's my birthday today, and that's an easy way for a lot of people to have their passwords taken. 2-factor authentication is an important way to protect yourself. And as I said, it could have been used to protect the Colonial Pipeline. And if it comes to your accounts, you want to keep those just as safe. So you might as well use it now.

- Well, Dan, why don't more companies then use this? It seems like it is very easy. I know I use a 2-step authentication for all of my social media accounts. So why don't you think more of these companies use something like this so they wouldn't be put in the same type of position that Colonial Pipeline has been?

- It sounded like from the way that it's been described for Colonial Pipeline that it was just a lax security at that point. This was a legacy VPN profile, meaning it was an older VPN profile that they didn't really use. And it just didn't have it activated. You have to imagine that a lot of companies don't have the best cybersecurity posture. They don't seem to think about it as important as it should be thought of. And that is a real issue going forward. I think now that we're seeing this huge increase in ransomware attacks and cyber attacks in general, we will start to see more companies start to clamp down. But as a regular person, you don't want your accounts broken into. People can spread all sorts of information about you online. They can get access to your important files, access to your financial information.

And if you want to protect yourself, this is really the best way to do it. As I said, there are three ways to do it. They're not the easiest thing on the face of the Earth. Yes, it does add an extra step where you try to log into your account. But really, if you want to stay safe, what do you want to do? Expose your personal information online? Or just keep it locked down by adding that one extra step? Takes about five seconds. It's not that big of a deal.

- I couldn't agree more. And some great advice there, Dan. For the record, all my passwords are Fibonacci sequences. Think about that.

The Headache at the End of the Costco Gold Rush
Costco made buying a gold bar as simple as tossing it in a shopping cart. Adam Xi, 33 years old, called five different dealers to get a price he could accept for the gold bar he bought at Costco in October. Costco shoppers are spending as much as $200 million monthly on gold, according to a Wells Fargo estimate.
The Wall Street Journal•16h ago
Why Nvidia Stock Plunged 10% Today
Super Micro Computer's lack of a preliminary earnings report led to a bloodbath in the sector.
Motley Fool•7h ago
California loses 2 more property insurers in growing crisis
Two more property insurance companies are pulling out of California, leaving more homeowners in the state facing loss of coverage and surging premiums as insurers flee.
Fox Business•11h ago
Don't buy the dip in stocks just yet as a wave of selling is about to bring the market to a bottom, according to one of the biggest bulls on Wall Street
The S&P 500 could bottom out in the next month, according to Fundstrat's head of research Tom Lee.
Business Insider•1d ago
Super Micro Stock Plunges 23% On Lack Of Preliminary Results. It's A Big Sell Signal.
Super Micro stock fell hard after the data-center computer specialist didn't announce preliminary results for its fiscal Q3.
Investor's Business Daily•8h ago
Why Semiconductor Stocks Were Smacked Down Today
The high-flying sector caught a bit of gloom at the end of the week due to several discouraging developments.
Motley Fool•5h ago
Time to Pounce: 2 Superb Utility Stocks That Haven't Been This Cheap in at Least 10 Years
One of the fastest-growing utility stocks, along with "Wall Street's Greatest Dividend Stock," make for phenomenal buys right now.
Motley Fool•19h ago
Trump Media CEO Decries Naked Short Selling; Citadel Fires Back, Stock Rises
Shares of Truth Social's parent rose in another volatile session, extending a roller-coaster stretch of trading for Donald Trump's social-media startup. On Thursday, Trump Media Chief Executive Devin Nunes sent a letter to Nasdaq CEO Adena Friedman asking her to help prevent illegal naked short selling and to make sure trading firms disclose their short positions.
The Wall Street Journal•8h ago
Apple Stock Is Falling. The CEO and Other Executives Just Sold Shares.
A variety of negative factors, including concern that the company is falling behind in AI, have hurt the stock.
Barrons.com•7h ago
2 Reliable Dividend Stocks to Buy Hand Over Fist and 1 to Avoid
If you are looking to maximize the income your portfolio generates, consider Enterprise Products Partners and Enbridge, but stay away from this midstream giant.
Motley Fool•20h ago

News

Life

Entertainment

Finance

Sports

New on Yahoo

Yahoo Finance

Tech support: What is two-factor authentication and how to use it

Video Transcript

Recommended Stories

The Headache at the End of the Costco Gold Rush

Why Nvidia Stock Plunged 10% Today

California loses 2 more property insurers in growing crisis

Don't buy the dip in stocks just yet as a wave of selling is about to bring the market to a bottom, according to one of the biggest bulls on Wall Street

Super Micro Stock Plunges 23% On Lack Of Preliminary Results. It's A Big Sell Signal.

Why Semiconductor Stocks Were Smacked Down Today

Time to Pounce: 2 Superb Utility Stocks That Haven't Been This Cheap in at Least 10 Years

Trump Media CEO Decries Naked Short Selling; Citadel Fires Back, Stock Rises

Apple Stock Is Falling. The CEO and Other Executives Just Sold Shares.

2 Reliable Dividend Stocks to Buy Hand Over Fist and 1 to Avoid