- Although two-factor authentication likely wouldn’t have stopped your data from being stolen in the Facebook hack, the event is a reminder that your passwords can be easily accessible.
- Two-factor authentication (2FA) is a more secure method of logging in to accounts, email, and operating systems. It often comes in the form of a text message with a code, but it’s even safer to use a physical security key that you plug into your computer.
- Companies like Yubico make relatively inexpensive security keys that can prevent your accounts from being accessed by bad actors.
The recent Facebook hack in which the private information of millions of users was stolen is an unfortunate reminder that our passwords aren’t always as safe as we think they are.
This is where two-factor authentication (2FA) comes in. While 2FA likely wouldn’t have stopped your data from being stolen from Facebook, it can prevent unwanted people from logging into your accounts, even if they have your password.
You’re probably familiar with 2FA in the form of a text message – like when you log in to an account from a new browser or computer, and you’re prompted to enter a code that’s sent to you via text message. While this method is definitely more secure than simply using a password, it’s not the most secure method of 2FA – especially if someone has access to your phone.
If you really want to protect yourself, you need to do what’s called “physical” two-factor authentication.
Using a physical security key is one of the safest ways to protect your accounts – and it’s not that expensive or complicated. Instead of typing in a passcode from a text message for 2FA, you plug a physical security key into your device when prompted, which allows you to log in. One of the more well-known security key companies, Yubico, sells security keys for as little as $20. You can purchase security keys for both computers and mobile phones, meaning your accounts are safe no matter where you generally access them.
Here’s how a 2FA security key works, and which services support them:
Setting up a security key is pretty simple, and only takes a few minutes. For the purposes of this article, a Yubico YubiKey will be the point of reference.
You don’t have to do anything to the actual key to set it up – just take it out of the packaging and it’s ready to go. Next, you’ll need to choose a service to secure with your key. Social media and email services tend to support physical two-factor authentication, and so do operating systems like macOS and Windows. You can also use a security key with password managers that keep track of and fill out your passwords for you.
Here’s a list of some services that support physical two-factor authentication, from Yubico:
The above links provide instructions detailing how to set up a security key with each service. Yubico also publishes a full list of websites and services that support physical 2FA.
Once your key is set up, using it is pretty simple. It’s important to keep your key with you, such as on a keychain, so you’re always able to log in (although if you don’t have your key handy, you can also enable additional log-in methods).
When you attempt to log in to your account, the website or service will ask for your security key. All you need to do is plug it into the device, usually via a USB port. On a YubiKey, you’ll need to press a small button on the key once it’s plugged in.
If you’re using a smartphone, you tap the key on the device instead of plugging it in, and the phone authenticates you through a wireless NFC signal.
After that, you’re logged in and good to go. The process hardly takes longer than typing your password – but it’s much more secure.