What is two-factor authentication and why should you use it?
Two-factor authentication is an extra layer of security to protect your sensitive information. Companies use this service to double check that you are who you say you are. You may have used it without realising it. Have you ever logged on to your online banking and been asked to provide a phone number so that you can receive a code? And then been prompted to input the code before the website allows you to log in? That’s two-factor authentication!
Two-factor authentication helps to neutralise the risks associated with compromised passwords. Using the banking example above, if your password is found by hackers, they should not be able to access your account because they would not be able to provide the code. Think of it as an outer and an inner wall of defence. The outer wall is the password, the inner wall is the code. Unless you can get through both walls, you can’t get in.
So how does two-factor authentication work? As mentioned before, it will require you to add an additional code after you have entered your password. There are a few ways that you can be asked for this code. You could be asked for a phone number so that you can be sent either a text or voice message containing the code. Or you could be asked to use a third-party authenticator app such as Microsoft Authenticator or Google Authenticator. If you are using an app, to set it up you will need to download the app to your phone. Then, when prompted, scan the QR code on the website to link the app. From then on, whenever you log on to that website, you will also need to have your phone to hand to open the app for the code. It may sound like a faff, but the more you do it, the more you will get used to it and it really does help to improve the safety of your sensitive information.
We ask that you use two-factor authentication because passwords alone are a weak form of security. We are all likely to be guilty of using the same password across many platforms. Therefore, if someone gets hold of the password, multiple accounts could be compromised. Phishing attacks are becoming more sophisticated and difficult to spot. An email may appear to be from a legitimate company. But when a link is clicked, you could be taken to a fake site where scammers may be able to convince you to give them your details. But with two-factor authentication, there is an extra barrier.
At Ethical Futures, our staff deal with sensitive information on a daily basis. Therefore, we activate two-factor authentication on every single website and platform that asks us to – no exceptions (we even have it on our Twitter!). For clients, we ask that you activate two-factor authentication when you set up your Personal Finance Portal. PFP is a secure portal that allows us to send you sensitive information securely. Their email server is more secure than standard email servers, so it is our preferred method for contacting you with sensitive information such as valuations and policy numbers. But it is only as secure as you make it. Although your account will work with only a password as security, we ask that you activate two-factor authentication to add that extra layer of protection to your account.
If you would like some assistance in activating two-factor authentication for PFP, get in touch via firstname.lastname@example.org and one of the team will be happy to assist you.
Amendment: Since writing this article, we have had some very helpful feedback from one of our clients. He would like to add that:
- It's better to use a two-factor authentication app or biometrics (such as FaceID on Apple devices or the fingerprint sensor on Android devices) over text messages where possible. It's much harder to exploit them than a phone number. Though he pointed out that text message two-factor authentication is still better than nothing!
- If you are using a two-factor authentication app, make sure that you back it up. Otherwise, if you lose or change your device, you risk being locked out of it.
- In reference to the point about using the same password across many platforms, he highlighted that this is a much bigger problem than not using two-factor authentication at all. Using a password manager (e.g. iOS keychain, Google Chrome's password manager, 1Password, etc.) is an easy way to stop remembering passwords and instead generate a secure, non-memorable password for every site.
We really appreciate feedback on our posts, so thank you to our client for getting in touch!
It is important to take professional advice before making any decision relating to your personal finances. Information within this article does not provide individual tailored investment advice and is for guidance only. We cannot assume legal liability for any errors or omissions it might contain. Ethical Futures llp is authorised and regulated by the Financial Conduct Authority.