Two Factor Authentication (2FA) or Multi-Factor Authentication is critical to keep you safe. So, I'm writing again on this topic.
You are smart to use two-factor identification (2FA) to protect your accounts. Without it, you face serious hassles and financial risks from data breaches. Setting up multiple ways to recover from problems with 2FA will ensure you won't get locked out of your accounts.
Get a code from your phone. Unlock a website.
Authenticators
Authenticators cleverly lock out thieves and let you in. You put an authenticator app on your mobile phone. When you log in to a website that you have protected with 2FA, you are prompted for a code. Tap the authenticator icon on your phone and you'll see a new six-digit code. Enter it and your in!
You can also use an authenticator to protect your password manager.
The two biggest free authenticator providers are Google and Microsoft. Chances are that each of your online accounts will support one or both.
YubiKey
YubiKey makes it even easier to use 2FA. You don’t need to type in anything. Purchase a YubiKey USB key, insert it into a USB port on your computer, and set it up. After that, you just tap it when prompted for 2FA and you're in. Nothing to type.
You can also use a YubiKey to securely access apps and websites on your phone.
Recovering from Losing Your Phone or YubiKey
What if you lose your phone or YubiKey? Are you helplessly locked out until you can get through to tech support?
The makers of 2FA options don’t want a zillion users bugging them to unlock their accounts. So, when you set up 2FA, they give you recovery options.
For example, my Bitwarden password manager (premium account, $10 per year) allows me to select multiple options. You can add a combination of recovery codes, Google Authenticator, Microsoft Authenticator, YubiKey, and more.
By setting up one or more recovery options for each of your services protected by 2FA, you can avoid being locked out. You do need to think ahead, saving your recovery codes and instructions in one or more safe places.
It is definitely worth the time you spend to set up 2FA and your recovery options. If only your log-on passwords stand between a cybercriminal and your financial and confidential information, you are not safe.
A version of this article was originally published by Wells Anderson in the American Bar Association GPSolo eReport. Questions? Give a call at 952.922.1120 or send me a message.