two-factor_authentication
Differences
This shows you the differences between two versions of the page.
two-factor_authentication [2019/08/21 06:32] – neil | two-factor_authentication [2019/08/21 06:45] – neil | ||
---|---|---|---|
Line 3: | Line 3: | ||
====Key points ==== | ====Key points ==== | ||
* [[two-factor_authentication#" | * [[two-factor_authentication#" | ||
+ | * [[two-factor_authentication# | ||
+ | * [[two-factor_authentication# | ||
====" | ====" | ||
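Review bot: Confirm that the anchors in the two entries added to "Key points" resolve to the two sections this revision introduces, "Enable two-factor authentication wherever you can" and "Have a back-up mechanism in case you lose your device(s)". Both link targets are cut off after `two-factor_authentication#` in this view, and the second heading contains parentheses and a hyphen, which are easy to get wrong when a section anchor is typed by hand.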
Line 16: | Line 18: | ||
This page focusses on " | This page focusses on " | ||
- | ====Something you have: one-time codes ==== | + | ====Enable two-factor authentication wherever you can ==== |
- | Some sites will let you configure | + | Because of the security benefits of having two-factor authentication in place, you should enable it wherever you can. This normally means "on every site and service which supports it". |
+ | Â | ||
+ | Check first that you can use whatever two-factor approach you are using on whatever devices you tend to use. If you primarily use your phone, and the service requires a hardware device which is incompatible with your phone, you'll be causing yourself a lot of inconvenience, | ||
+ | Â | ||
+ | ====Have a back-up mechanism in case you lose your device(s)====Â | ||
+ | Â | ||
+ | A risk of enabling two-factor authentication is that, if you lose control of the second factor, you will be unable to access the service in question. | ||
+ | Â | ||
+ | ===Backup one-time codes ===Â | ||
+ | Â | ||
+ | If you are using one-time codes, you are usually prompted to download and save some backup codes, which you can use if you lose your one-time code generator. | ||
+ | Â | ||
+ | If you use a password manager, and if you back this up, you might store your backup codes in that. | ||
+ | Â | ||
+ | Alternatively, | ||
+ | Â | ||
+ | ===Backup hardware devices ===Â | ||
+ | Â | ||
+ | If you are using a hardware device, good practice is to buy two identical devices, and configure them to mirror each other. Â | ||
+ | Â | ||
+ | Keep one with you, to use for logging in, and keep the second | ||
+ | Â | ||
+ | ====Something you have: one-time | ||
- | Backup codes. | + | Some sites will let you configure your account to require you to put in a one-time code, in addition to your username and password. |
- | Two hardware devices, so you can store a backup safely in safe. | + | These one-time codes are usually generated by a piece of software on your computer or phone, or else through |
- | Enable two-factor authentication wherever you can, but make sure you have a back-up mechanism in case you lose your device(s). | + | ===Time-based One-Time Passwords |
+ | ===Avoid text message for delivery of codes === | ||
- | Option | + | Some services offer the real-time delivery |
- | Downside of 2FA is that, if you lose your device, you may well be locked out of your accounts. | + | First, text messages are not secure, and a sufficiently motivated attacker is likely to be able to access |
- | If the second code is delivered over SMS, you can probably get a new SIM, get your provider | + | Second, if someone manages to hijack your phone number (sometimes known as "SIM swapping" |
- | If you use an app — which means you are not reliant on getting an SMS — you may struggle more. I don’t have a great solution for this at the moment. | ||
====Hardware security tokens ==== | ====Hardware security tokens ==== | ||
{{:: | {{:: | ||
Yubikeys | Yubikeys |
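Review bot: In the added "Backup hardware devices" section, "configure them to mirror each other" does not tell the reader what to do; say whether this means enrolling both devices with every service or loading the same secret onto both, and that it has to be done at setup time, before the primary device is lost. Separately, many of the added lines end in a stray "Â", including the otherwise blank lines and the two new heading lines ("====Have a back-up mechanism in case you lose your device(s)====Â"), which looks like non-breaking spaces pasted into the page source; strip them so the headings and paragraphs render cleanly.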
two-factor_authentication.txt · Last modified: 2022/09/08 09:09 by neil