How Two-Step Authentication Works

by

Using strong passwords is essential to protect our personal data or access to different social networks and services. But if we want to go a little further, we can add verification or two-step authentication that will improve our privacy and security beyond the password.

What is it? In the next few paragraphs we will tell you everything you need to know about two-step authentication but also its advantages, what types exist or how you can activate it in some of the services or social networks that you use every day.

What is Two-Step Authentication

Two-step, two-factor or 2FA authentication is a double identification method that seeks to improve the security and privacy of our profiles and accounts. For its acronym in English, 2FA. As the name suggests, we not only need a password, but there is one more step that protects us in case someone has tried to hack us.

It may vary depending on the service in question, but generally it will allow us to have a password and then we must confirm with a six-digit code that we receive through SMS or a specific application and that we must enter on the web or application to be able to access our bill. We can receive it by message on our phone and that will mean that no one can steal our accounts if they do not have access to our mobile, but there are also other methods such as receiving it through a phone call or a specific application such as Google Authenticator where a code will appear that we can use for a few seconds.

Advantages and disadvantages

The main advantage of two-step authentication is that it gives us extra security to all the accounts or profiles in which we are using it. An additional layer of protection in case our passwords are not strong enough or if they have been hacked or leaked. Even if they have the password, they cannot enter our account under any circumstances and it is an option within everyone’s reach that does not require any type of extra knowledge or being an IT or technology expert to be able to use it. In addition, another advantage is that it is available and included in a large number of services that we use every day such as Instagram, Facebook and other websites or online stores such as Amazon itself.

Another interesting advantage is that we will know if someone is trying to steal an account from us. If we receive the two-step authentication code and it has not been us, it means that there is someone who is trying to access without permission.

The only drawback that we see with this security method is that it implies that we dedicate a few more seconds to access our account every time we need it . It will take a little longer and it can be somewhat annoying to have to look for the code on your mobile or depend on the SMS to arrive if we want to access.

How does it work

There are several forms of authentication, as we explained in the previous paragraphs. The most common is to do it by SMS, but it is not the only one and there are also applications that allow you to consult that code if we have previously linked them.

How does it work? You enter your email and password or your username and password. Once you have it, you receive a temporary multi-digit code that we can write in the corresponding box. We receive a code that no one can access unless they have your mobile phone and we enter it. This code is usually a multi-digit combination that expires after a few minutes.

Temporary passwords received that we must enter when logging in and that, as we will see below, can arrive in different ways.

Types of verification methods

The most common is that we use SMS, but it is not the only option.

  • Verification by SMS. We write our username and password in the application or web that we want and a message will be sent to the mobile phone linked to the account. It has the advantage that we do not need to download anything else because we can all receive SMS as long as we have an active SIM card so it is universal and simple. We receive the code by SMS and enter it on the web to confirm the session. It is usually the usual in the case of some banks, social networks, etc.
  • Email verification. Another option is that the confirmation or temporary password is by email, although it is less secure than the previous one because it is more hackable than an SMS (which requires that your mobile phone be stolen or your SIM is cloned) and they can access if they have your password. Still, it is another option that we can use for two-step verification.
  • Verification by applications. Another of the most used and recommended methods is to use specialized authentication applications that generate the temporary password so that you can copy and paste it. There are many applications like Google Authenticator and we will see some of them later. The drawback is that we will need to download something extra on our mobile phone that will take up space, but they are easy to configure and easy to use once we need the corresponding code.

There are other options such as codes or passwords within the application itself in case of messaging or with the ability to generate a code on your mobile that you must use on your computer, for example. Or other methods like using the fingerprint to verify your identity in addition to using the password, for example.

Applications

If you are going to bet on two-step authentication applications there are a series of recommended options that are totally reliable and safe for this use.

Google Authenticator

It is the Google application to verify our identity in other applications. It is compatible with iOS and Android on mobile phones and tablets and its operation is very simple. The six-digit code will simply appear and we can copy it. The code changes every thirty seconds to improve privacy and prevent someone from using it. And it is compatible with all kinds of services and websites: social networks, online stores, Amazon …

We will simply have to link it the first time through a QR code that will appear in the app or website that we are configuring. In the case of the screenshot below, Facebook. From the settings we activate two-step authentication and we are going to “use authentication application”. We scan the computer screen with the mobile and we will have linked both to use it from that moment on.

Authy

Another of the most recommended is Authy and it is also free and compatible with almost any device. It is cross-platform and we can use it on iOS and Android, but also on Chrome, on Windows, on macOS. From its website we can see what services this app allows such as 2FA authentication and we find many of them such as Google, Gmail, certain VPNs, games such as Fortnite, social networks or online platforms such as LinkedIn and many other common online services.

In addition, not only does it allow us to access the six-digit code for verification, but it also has other additional functions such as backup, fingerprint and facial identification compatibility and many other options.

Microsoft Authenticator

Microsoft also has its specific app that we can download from its official store and that is available for mobiles with Android or iOS operating systems. It is free and its mission is the same as the previous ones: it gives us the six-digit codes that expire after a few seconds (30, specifically). To access it we have to use facial or finger recognition to improve security.

DownloadQR-Code

Microsoft Authenticator

Developer: Microsoft Corporation

DownloadQR-Code

Microsoft Authenticator

Developer: Microsoft Corporation

We can use it in services such as Amazon, Dropbox, Google, Facebook, GitHub, LinkedIn … It is compatible with the standard so we can easily use it to log into emails, applications and social networks.

Enable two-step authentication

Activating it depends on the service itself and we can do it on almost all online platforms from the security settings. It is available on Instagram, Facebook …

In Google

In our Google account we have practically all the important information that we use every day : our email, files or data in Excel and even access to our locations on maps. We do it for everything we have linked to Google and we only need to have the phone to activate the second step.

  • Open Google account
  • Go to “Security”
  • Search for “Sign in to Google”
  • Select the option “Two-Step Verification”
  • Tap on “Get Started”
  • Follow the steps that appear on the screen

On Facebook

The steps are simple on Facebook to improve security.

  • We open our profile
  • Let’s go to Settings
  • We choose the Password and security option “
  • We open “Use two-step authentication”

Here we will see several options: Authentication application, text message, security key. We choose the one that interests us and click on “continue” to follow all the steps. We use the app to scan the code or configure our mobile phone to reach us by SMS.

On Instagram

On Instagram we can also do it by linking our mobile phone or with specialized applications as we want by SMS or by app. Hacks are frequent on Instagram so it is important that you activate it to prevent your account from being stolen.

  • Open your profile and tap on the lines in the upper right corner
  • Open the settings section of the app
  • Go to Security in the menu
  • From here, choose Two-Step Authentication
  • Tap on Start
  • Choose the option you want (application or SMS)
  • Follow the steps that will appear in the app as chosen

On twitter

In the microblogging social network we can also go to the login verification methods to add this two-step authentication to our account.

  • We open Twitter
  • Let’s go to the three points of our profile
  • We open the configuration of the social network
  • We go to the Security section and access to the account
  • We choose «Security»
  • Here we will see “Two-Stage Authentication”

Tap on the option and choose between the three options: message, app or key. Once you choose any of them, you must follow the steps to confirm the process.

On amazon

If you want to protect your purchases, Amazon also allows it.

  • Let’s go to Amazon.com
  • We touch on “Account and lists”
  • We open the settings
  • We touch on “Login and security”
  • We access the account with our password
  • We will see all our data
  • Find “Two-Step Verification Settings”
  • Choose “Edit”

Here we can choose our preferred number and we can add our phone number or the verification applications that we want. In addition, there is an option that allows us to choose devices that do not require codes.

Related Posts:

by Abdullah Sam
I’m a teacher, researcher and writer. I write about study subjects to improve the learning of college and university students. I write top Quality study notes Mostly, Tech, Games, Education, And Solutions/Tips and Tricks. I am a person who helps students to acquire knowledge, competence or virtue.

Leave a Comment