OVERVIEW: 2FA SECURITY USAGE TIPS

Two-Factor Authentication (2FA), a subset of multi-factor authentication, is an optional secondary form of digital identification that better protects your important online accounts. It is typically used with accounts that you want to be better protected, such as your bank, investment, and cryptocurrency accounts. With 2FA enabled, a password alone will not be enough to access your accounts and/or wallets. You will also need to enter a “one-time-use” 2FA code to log in. This will foil most hackers. You can choose to use this extra protection, or not. By default, it is usually disabled. We strongly encourage you to follow these 2FA security usage tips to keep your accounts safer.

There are several ways that 2FA codes can be sent to you. After you enter your password/PIN, you will be sent your unique 2FA code in one of three ways.

  • Email
  • Text message to your phone
  • “Authentication” app on your smartphone

You may be able to select the receive method that you prefer, or you may have only one choice. It will depend on your account.

The code will be composed of 4 to 8 letters and/or digits. After you have entered your password you will then have to enter your 2FA code into the same website.

The purpose is to make it harder for hackers to get access to your accounts even if they discover your password. This feature is offered on virtually all cryptocurrency websites, as well as many other banking and investment accounts.

2FA via a smartphone “Authentication” app is considered the most secure method of getting these codes (rather than SMS or email). A 2FA authentication app is free to download and use. Get it from your friendly app store.

A 2FA app will “pair” your device with each of your website accounts on which it is enabled. It will generate a new unique code for each paired website and this code will change every 60 seconds.

The following are a few of the most common 2FA authenticators:

  • Google Authenticator
  • LastPass Authenticator
  • Microsoft Authenticator
  • Authy Authenticator

Learn more about 2FA apps from this PC World review.

This Forbes article explains why relying on simple SMS messages (rather than an Authentication app) to receive codes is not safe.
But the choice of using SMS vs an authentication app may not always be available. Your account may only allow one method.

After you enable 2FA and log in with it for the first time, most websites will then allow you to choose to trust your current browsing device for a period of time – like 30 days. During that time you will not need to enter the 2FA code again except in unusual circumstances (such as if you clear your browser cache). Other websites will require that you enter the 2FA code every time you try to log in.

STANDARD: 2FA SECURITY USAGE TIPS

To protect your funds, follow these fairly standard 2FA security usage tips:

  1. 2FA EVERYWHERE: Set up 2FA on all of your cryptocurrency accounts and wallets, and any other financial website that you want to be better protected. BUT start slowly, one account at a time, to be sure you understand how the system and recovery/reset process works.
  2. 2FA EMAIL: Turn on 2FA even for your email. Your email is typically the center of your password recovery life. If someone hacks your email then they can start to reset every single account password you own. Learn how to set up 2FA for Gmail.
  3. RECOVERY CODES: Most websites will also give you a set of one-time-use “recovery codes” for the instances when you are unable to access your phone’s app. Each time you enable 2FA for the first time on one of your website accounts, you will be shown those recovery codes. Be sure to take note of them at that time.
  4. 2FA BACKUPS: If you plan to use a smartphone 2FA authentication app, be sure you understand how to back up your Authentication recovery codes before you start adding your various logins. If you lose your phone, you will need a backup to easily recover/reset all of your login access. If you don’t have this backup, it will be somewhat harder to reset all of your accounts and you may have to contact each of your accounts to reset your 2FA.
  5. CLOUD BACKUP: Some 2FA apps back up your 2FA keys in encrypted form in their cloud so that you can use the app from various devices. For example, the Authy app, the LastPass app, and some others back up automatically. Others, like Google Authenticator, do not have any backup mechanism at all. They will NOT be stored in your Google account.
  6. MASTER PASSWORDS: Most 2FA apps have their own “master” passwords to get access to the app each time you use it, so be sure to remember and/or store that password. Google is somewhat different in that your normal Google account login will give you access to Google Authenticator (but remember that Google does NOT back up your individual website codes).
  7. SETUP GUIDES: The “Authy” app has many guides on their website which explain how to set up 2FA on various websites.
  8. RECOVERY – AGAIN: We said it before, but we will repeat: Be sure you understand how to recover your account access if you lose your phone.
  9. SIM-JACKING: Be aware of “SIM Jacking”, a hacking method of stealing your phone number, taking over your cell phone access, and bypassing your 2FA protection. With this control, a hacker can potentially reset all of your passwords. To reduce this avenue of attack, call your telecom provider and set up a special PIN which will be required before your phone number can be ported. It may be safer (non-hackable) to have a Google Voice number. Read more about SIM Jacking:

ADVANCED: 2FA SECURITY USAGE TIPS

The following advanced 2FA security usage tips are for those who want additional security and are willing to put in extra effort to get it. These tips may also address rarer, fringe issues.

  1. SPECIAL EMAIL: Create a special email account just for security codes and don’t use your everyday email address for this purpose.
  2. U2F/FIDO: Learn why U2F/FIDO is even better than 2FA (but with very limited availability at this time).

See all of our cryptocurrency security tips.

In the comments below, you can add your own 2FA security usage tips, and/or correct or dispute our tips.
