Yesterday I talked about two-factor authentication and why you should be using it on your most important online accounts.
Today I’m explaining how to get started with 2FA, which services you can use it for, and the common pitfalls you should be aware of when using it.
First, the pitfalls. Because you should definitely be aware of these before you start using 2FA.
Common mistakes when using 2FA
The number one pitfall with using 2FA is that you lose your phone.
If you’re using app-based 2FA, like Google Authenticator, and you lose your phone, you will not be able to log in to your account, even if you replace your phone and keep your number. The secret the app uses is stored on the device itself, not tied to your phone number.
If you’re using text message 2FA, then you’ll be locked out of your account only until you get a replacement phone, so long as you keep the same number.
While getting your phone lost, stolen, broken or wiped is a rare occurrence, it does happen.
A way to negate this risk is to use a 2FA app that lets you back up all your 2FA accounts.
Authy is probably the best and most well-known app to use for this. It lets you create an account and then log in to that from specific devices that you allow.
So, for instance, you can have it on your phone and then authorise your laptop to use it as well. Then if you lose your phone you can still access 2FA through your laptop.
You can then use your laptop to set Authy up again on your new phone.
Obviously, this makes it slightly less secure because if someone has access to your laptop, they can get into your accounts. But it is still much, much more secure than not using 2FA.
Personally, I use Authy to manage all my 2FA accounts. I don’t have any affiliation with the company. I just have found it to be the best way to use 2FA. Especially as I lose or break my phone more than most people.
Another way around this problem, which I highly recommend, is to print out or write down some permanent 2FA codes.
When setting up 2FA, some companies allow you to create a few one-time 2FA codes. I know Gmail does. You can then use these codes to log in to your account if you lose your phone.
Bear in mind each code will only work once though. So if you lose your phone it’s a good idea to use one code to get into your account and then disable 2FA until you get your new phone and can set it up again.
Obviously you need to keep these codes in a safe place. It can be a good idea to keep one or two with your passport so that if you lose your phone on holiday you can still log in to your email to get access to your travel documents.
I once had a phone pickpocketed on holiday that I was using to store my plane boarding passes on. At the time I didn’t use 2FA, so I could log in to my email and print them out.
But had I been using 2FA and not printed out some codes I would have had a very bad time trying to get home.
So if you’re going abroad, definitely make sure you have a few one-time codes printed out. Or maybe just disable 2FA before you leave and re-enable it when you get back. (It only takes a minute or so to do, as I’ll show you in a minute.)
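To show why an authenticator app stops working when the phone is gone, and why each printed backup code only works once, here is an added example (not code from the original post or from Google or Authy). It implements standard RFC 6238 TOTP, the scheme behind Google Authenticator and Authy, using the RFC’s published test secret, and a small single-use backup-code store; the names are my own.

```python
import base64
import hashlib
import hmac
import secrets
import struct

# RFC 6238 test secret (ASCII "12345678901234567890" in base32). In a real enrolment this
# value is what the QR code carries, and afterwards it lives only on the enrolled device.
RFC_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32: str, timestamp: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the 30-second counter, then dynamic truncation."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = struct.pack(">Q", timestamp // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify_totp(secret_b32: str, code: str, timestamp: int, window: int = 1) -> bool:
    """Server-side check: accept the current step and one step either side for clock drift."""
    for drift in range(-window, window + 1):
        if hmac.compare_digest(totp(secret_b32, timestamp + drift * 30), code):
            return True
    return False


class BackupCodes:
    """Printable one-time codes. Only hashes are kept; a hash is deleted when redeemed."""

    def __init__(self, count: int = 5):
        # Shown to the user once at enrolment; this is what you print and keep safe.
        self.codes = [secrets.token_hex(4) for _ in range(count)]
        self._hashes = {hashlib.sha256(c.encode()).hexdigest() for c in self.codes}

    def redeem(self, code: str) -> bool:
        h = hashlib.sha256(code.strip().lower().encode()).hexdigest()
        if h in self._hashes:
            self._hashes.discard(h)  # single use: the same code never works a second time
            return True
        return False
```

Without the secret, no new phone can produce matching codes, which is exactly the lockout described above.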
How to initiate 2FA
With that in mind, here’s how to set up 2FA.
In this example I’ll show you how to do it on Gmail. But Facebook, Yahoo! Mail, Amazon, Microsoft, Hotmail, Apple and Dropbox all have very similar processes.
In fact, Authy has walkthrough guides for all these services and many more on its 2FA guides pages. So even if you don’t decide to use the Authy app, you can find out how to enable 2FA on your accounts here.
Once you’ve set it up, you’ll only need to enter your 2FA code when you log in from a different device. So the first time you log in with your laptop, you’ll need to enter the 2FA code. But after that you can just use your username and password.
So, here’s how to set up 2FA with your Google account.
Log in to Gmail and click on your account icon on the top right. Then click on the “Google account” box.
You’ll then be taken to this screen. Click on the “Signing in to Google” link on the left.
Then on the next screen click on “2-Step Verification”.
From here it asks you to confirm your password. Then it asks you which 2-step method you want to set up.
The simplest is the text or voice message one.
The most secure is the authenticator app one.
The fastest is the Google prompt, which just pops up on your phone. But you can only use this one if you have a Google account on your phone.
You can also print out your one-time codes from this screen.
Here’s what the 2-step screen looks like once you’ve set it up.
As you can see, I use my phone as the default authenticator, but I also have backup codes and the app as alternatives.
As I said, setting up 2FA is very similar on the other major online services, and you can find out how to do it for each one here.
How hackers get around 2FA
Okay, so with 2FA set up, you’re completely 100% safe from hackers, right?
Not quite. Hackers can still get into your account. For example, if they steal your phone, they will be able to use your 2FA app or phone number to log in to your accounts.
In fact, they won’t even need to, as your phone will be a recognised device and so they will be able to get in with no hassle at all.
So it’s important to also set up security on your phone lock screen.
The same goes for your laptop if you’re using Authy and have set it up to also verify your 2FA codes.
However, if you lose your phone, you’re going to know about it fairly fast. Most manufacturers let you wipe your phone remotely. So if you know your phone has been stolen it’s a good idea to wipe it remotely as soon as you can.
Also, one reason using an authenticator app is more secure than text messages is that hackers can take over your phone number relatively easily.
This isn’t a problem for most people, as it takes quite a lot of social engineering on the hacker’s end. But if you’re a high-profile target, it can become a problem. Using an authenticator app instead of text messages negates it.
As with most security measures, using 2FA really just makes you less of a target. It’s basically like having a very good lock on your bike.
Most criminals will simply steal the bike next to it rather than go to the difficulty of using an angle-grinder to get your lock off.
But there are still ways hackers can get into your account if they really, really want to and if they are very good hackers. But that is not something most people will have to worry about.
So, in conclusion: it is definitely worth setting up 2FA on your most important accounts. Certainly on your main email account. Especially as it only takes a couple of minutes to do and doesn’t cost you anything.
Until next time,
Editor, Exponential Investor
PS My colleague Nick Hubble has finally finished his book on the end of the euro. If you have any interest in… well, anything in the news at all, it will help you make more sense of it all.
In Nick’s own words.
It explains how the euro wreaks havoc on the European economy. It explains where the weak point of the currency system is. And lays out how the euro will implode. Or explode.
All of it is easy to understand. And that’s what’s new. It’s not like people didn’t warn us about the problems the euro would create. I’ve just compiled all their ideas, strung them together in a way that’s understandable, and punched out the obvious conclusion.
So if you want to understand the most important event in the European Union’s history before it happens, don’t bother with Brexit.