FAQS - PROTECTING ONLINE ACCOUNTS
OK, WHAT IS 2-FACTOR AUTHENTICATION?
It is a way to try and reduce the chance, or to make it hard for criminals to hack your online or desktop accounts.
It goes with your normal credentials, username and password, and adds another layer. It could be that a text code is sent to your mobile, or you have to tap yes on your mobile, or you have to get a code from a special app on your phone that changes every 30secs, or you have an authentication device like most banks use to provide a code, or you have a USB or Bluetooth or NFC device, like a Yubikey. That is the basic 2-factor. Smart people are trying to get to a point of doing away with passwords all together, but we are not there yet.
SO HOW DO I ADD 2-FACTOR?
Like with most things, that depends, does your online account even allow for its use? You then have to decide which method to use, if given a choice. Text, app, USB device, etc. That will depend on things like, will you always have text or mobile coverage? Will you always have your mobile phone, with charge? Are you worried about losing a USB device for authentication? Will it just work on a computer or will it work on my phone also? You might be access accounts using your mobile or tablet, you need to think about these things. Are you going to use a combination? Go to your account settings and see what they offer. You can always change the method or remove it, if you have issues.
I HAVE A PASSWORD, I'M OK, RIGHT?
No, even if you have a long, strong, password, with numbers and characters, upper and lower case, special symbols like "=" "/" "&" "@" etc computers are getting so fast and so powerful that even though We recommend using strong passwords, it's only as a first stage of the deterrent. It keeps the smaller less skilled hackers out, but the big organised hackers and governments will break your password, so 2-factor or other authentication methods must be used if available.
WHICH AUTHENTICATOR?
There are several around, and some are specific to ecosystems, like the one from Microsoft you have to use for Microsoft account authentication, but the one from Google, you can use for all kinds of account, including Google Accounts.
It often is down to personal experience and preference. Use a well-known one, in case you have downloaded a fake one created by a hacker that you then use to help them access all your accounts! Look out for similar named ones, a bit like those Guchi bags you can buy.......