By Patricia A. Pramono • Studio 1080, Published on August 16, 2024
TABLE OF CONTENTS
Digital scams and cyber threats are increasingly sophisticated, which means securing our online accounts is more critical than ever. Yet, despite the heightened awareness around cybersecurity, one crucial tool—Two-Factor Authentication (2FA)—remains overlooked by many. But what exactly is 2FA, and why should it be at the forefront of your online security strategy?
Two-Factor Authentication, commonly known as 2FA, adds an extra layer of protection to your online accounts by requiring two forms of verification. This typically involves something you know (like a password) and something you have (like a smartphone). By adding this second layer, 2FA makes it significantly harder for cybercriminals to gain unauthorized access to your accounts, even if they manage to obtain your password.
2FA Should Not Be Overlooked — Yet, It Still Does
Despite its importance, many people continue to overlook Two-Factor Authentication (2FA) as part of their online security strategy. This can happen for a variety of reasons, even though the benefits of 2FA are well-documented. Understanding why 2FA adoption is low helps shed light on the challenge of educating people on its critical role in protecting personal and financial information.
One of the primary reasons 2FA is still underutilized is the perceived inconvenience. For many users, having to go through an extra step every time they log into an account feels inconvenient. They might feel that entering a code or using an app adds unnecessary friction to their experience, especially if they need to access their accounts multiple times a day. This inconvenience can be particularly frustrating in situations where the second factor isn't immediately accessible, such as when the user doesn’t have their phone on hand.
Another reason is a lack of awareness. Many people aren’t fully aware of the risks they face nowadays digitally, especially when they rely solely on passwords for security. Often, users think that if they have a strong password—perhaps one that includes a mix of uppercase letters, numbers, and special characters—that’s enough to protect their accounts. However, the truth is that even the strongest passwords can be vulnerable to phishing, brute-force attacks, or data breaches, where attackers gain access to password databases. Without understanding these risks, people are less motivated to seek out additional layers of security like 2FA.
Also read Think Before You Click! How to Spot Phishing Scams and Protect Your Data
Misconceptions about security also play a role. Some users believe that 2FA is only necessary for high-value accounts, such as banking or business-related services, and overlook the importance of protecting their social media, e-commerce, or email accounts. This belief leaves a large number of accounts unprotected, creating an easy entry point for attackers. The reality is that once a hacker gains access to an account like your email or social media, they can use it to reset passwords on more critical accounts, escalating the damage significantly.
Additionally, many online services don’t default to requiring 2FA, leaving it up to the user to enable this extra security layer. When 2FA is offered as an optional feature rather than being mandatory, many users simply bypass it. They might skip setting it up during account creation, not realizing that they’re leaving a major security gap.
Lastly, there is the issue of complacency. Users who have never been a victim of cyberattacks may think, "It won’t happen to me." This mindset creates a false sense of security, leading them to underestimate the value of 2FA until it’s too late. Unfortunately, by the time a security breach occurs, the damage has already been done, and they may face identity theft, financial loss, or compromised personal information.
The Benefits of 2FA
The primary benefit of 2FA is the added security it provides. With just a single password, your accounts are vulnerable to various forms of attack, including phishing, brute force, and social engineering. However, with 2FA, even if your password is compromised, the attacker would still need the second factor, such as a code sent to your mobile device, making unauthorized access exponentially more difficult.
Additionally, 2FA can protect sensitive information, such as financial details, personal identification, and confidential communications. It not only helps prevent fraud and identity theft but also ensures peace of mind, knowing your data is safeguarded against most threats.
Different Types of 2FA
Two-Factor Authentication (2FA) isn’t a one-size-fits-all solution. There are several types available, each with its own strengths and weaknesses. The different types of 2FA cater to various user needs, from those looking for simplicity to those seeking robust security. Here's a breakdown of the most common methods, along with examples and use cases to help you choose the right one for you.
-
SMS-Based 2FA: The most widely used and familiar form of 2FA, SMS-based authentication involves sending a one-time code to your mobile phone via text message. When you log into an account, you first enter your password and then wait for the SMS code to arrive, which you’ll need to input to complete the login.
Example: When accessing your GoPay account, after entering your password, you receive an SMS with a six-digit code. You input this code into the app to confirm your identity. It's a common practice among digital wallets like OVO and mobile banking apps such as BCA Mobile or Mandiri Online.
-
Authenticator Apps: Apps like Google Authenticator or Microsoft Authenticator generate time-based codes that change every 30 seconds. These apps work offline and are more secure than SMS because they don’t rely on your phone number, which could be subject to SIM-swapping.
Example: You enable 2FA on your Tokopedia account and link it to Google Authenticator. After entering your password, you open the Google Authenticator app on your phone and use the six-digit code it generates to complete the login. Even if someone steals your password, they won’t be able to access your account without the code from your app.
-
Banking Tokens (Hard Tokens): Many banks in Indonesia, such as BCA and Mandiri, provide physical token devices that generate a one-time passcode for secure transactions. These tokens are commonly used for high-value transactions or transferring funds online.
Example: When performing an online transfer through BCA KlikBCA, you’ll need to input the transaction amount and details into your hard token. The token generates a unique code that must be entered to authorize the transaction. This adds a layer of security to online banking.
-
Biometrics: Biometrics uses unique physical characteristics, such as fingerprints or facial recognition, to verify your identity. This method is now widely available in Indonesia through smartphones and banking apps.
Example: When logging into your BCA mobile banking app, instead of entering a password, you use the fingerprint sensor on your smartphone to verify your identity. This ensures that only you, with your unique fingerprint, can access your banking information. Many popular apps like Shopee and Dana also support fingerprint or facial recognition login options.
-
Email-Based 2FA: Email-based 2FA sends a one-time passcode to your registered email address. While less secure than other methods, it still provides an additional layer of protection for services that may not yet offer more advanced options.
Example: If you log into an online shopping account that uses email-based 2FA, you’ll receive an email with a code to verify your login attempt. Though it’s better than nothing, this method is often less effective because email accounts themselves are frequent targets of hacking.
Guide to Setting Up 2FA
Enabling 2FA on your accounts is straightforward and well worth the effort. Here’s a basic guide:
-
Check if Your Account Supports 2FA:
Before anything else, you need to determine if the service or platform you’re using offers 2FA. Most major online services now support 2FA, including email providers (e.g., Gmail, Yahoo), social media platforms (e.g., Facebook, Instagram, Twitter), e-commerce platforms (e.g., Tokopedia, Bukalapak), and banking apps (e.g., BCA Mobile, Mandiri Online). To find out, search for "security" or "privacy" settings within your account. Look for a section labeled "Two-Factor Authentication," "2-Step Verification," or something similar.
-
Choose Your Preferred Method:
Once you’ve confirmed that your account supports 2FA, the next step is to choose the method that works best for you. Here are the common options, as explained before:
-
SMS Verification: You’ll receive a code via text message every time you try to log in.
-
Authenticator Apps: These generate one-time passcodes that refresh every 30 seconds. Popular options include Google Authenticator and Microsoft Authenticator.
-
Biometric Verification: On some services, you can use a fingerprint or facial recognition as the second factor, particularly on mobile apps.
-
Email Verification: Some platforms send a verification code to your registered email address. While not as secure as other methods, it’s better than using a password alone.
-
Enable 2FA in Account Settings:
Once you’ve selected your method, it’s time to enable 2FA. The process will vary slightly depending on the service, but generally, you’ll find the option in the security or privacy settings section of your account. Look for the option labeled “Two-Factor Authentication” or “2-Step Verification.” Once there, you’ll follow the prompts to activate 2FA.
Example: If you’re enabling 2FA on your social media account, such as Instagram, you would go to Settings > Security > Two-Factor Authentication, and follow the instructions to enable SMS or an authenticator app.
Tip: It’s a good idea to do this on your most important accounts first—such as your email, banking, and social media profiles. These are often the primary targets for hackers because they provide access to other services you use.
-
Secure Backup Codes:
Many services provide backup codes when you set up 2FA. These codes are critical because they allow you to regain access to your account if you lose access to your phone, change numbers, or accidentally delete your authenticator app. Treat these codes like gold—store them in a safe place that’s easy to access if needed, but secure enough that no one else can find them.
-
Regularly Review and Update Your 2FA Settings:
After you’ve set up 2FA, it’s important to periodically review your settings to ensure everything is up to date. This includes making sure your phone number, email address, or authenticator app settings are current. Regularly updating these details ensures that you won’t get locked out of your account due to outdated information.
Example: If you change phone numbers, make sure to update your SMS-based 2FA settings across all your accounts. Similarly, if you switch to a new phone, remember to transfer your authenticator app data to your new device. Many services provide a process to transfer or re-enable 2FA if you’ve switched devices.
Conclusion
Two-Factor Authentication is not just a recommendation—it’s a necessity. By adding an extra layer of security, 2FA helps protect your accounts and sensitive information from unauthorized access. While it may take a few extra seconds to log in, the protection it offers is well worth the effort. Don’t overlook this essential tool—enable 2FA on your accounts today and take a proactive step towards safeguarding your digital life!
Follow us on LinkedIn for more updates regarding insights and the tips to protect yourself online like this.
LinkedIn: Cisometric
References:
How to Successfully Introduce Two-Factor Authentication To Your Team
5 Benefits of Using Two-Factor Authentication (2FA)
How Secure is Two-Factor Authentication (2FA)?