Get started with two-factor authentication (2FA)
- 27 November 2021
- Edited 17 April 2024
Your username and password are like a goldmine to a cybercriminal: having them allows the criminal to log into your account and to easily rob and scam you. Adding an extra lock makes it harder for cybercriminals. Two-factor authentication (2FA) is an excellent example of this.
Two-factor authentication, multi-factor authentication, two-step verification, or even 2FA or MFA: all these names cover the same idea. In addition to your password, you use an extra way to prove that you really are the owner of your account. To log in, you not only need your password but also, for example, your fingerprint, a code that you receive via text message, or a separate app. With 2FA, your accounts are more secure. A hacker who knows your username and password can then no longer easily get into your account.
Weak passwords
Why is 2FA important? “Because the passwords we use are not always secure,” says cybersecurity expert Erwin Hasenpflug of the Digital Trust Center (DTC). “It is difficult to use a unique, strong password for every account. Unfortunately, we know that the name of our favourite football club is still high on the list of commonly used passwords, and that people reuse passwords on different accounts.”
If cybercriminals get to your accounts through these vulnerabilities, they can steal data or money. With 2FA you put an extra lock on your account.
From text messages to a keyring
2FA comes in many shapes and sizes. In online banking, it is normal to need a security code after using your password. Accounts on major platforms such as Google and LinkedIn are also secured with an SMS code or via an app. You can also sometimes use your fingerprint. There are several free and easy-to-download authenticator apps (in Dutch) for your phone. And there are physical devices (in Dutch) or USB ‘keys’ that you hang on your keyring. Do you want to log in to an account? Then insert the key into the USB port of your laptop.
Which 2FA should you choose?
Keep in mind that receiving a code via SMS is less secure than using an authenticator app. An attacker can intercept a text message by taking over the phone number through SIM swapping (in Dutch). But 2FA via SMS is still more secure than just your password. “It takes extra time to log in, which is a disadvantage. But those few seconds are more than worth the extra security,” says Hasenpflug.
Start with your email account
Set up multi-factor authentication for as many accounts as possible. That is the most secure. Start at least with your email. From Facebook to your accounting package: you use your email address as your username almost everywhere. Once criminals have access to your email, they can enter all those accounts.
Phone not working
Sometimes you discover a disadvantage of 2FA when it is too late. For example, what if your phone falls in the water or breaks? Then you can no longer receive codes via the authenticator app or SMS, so you can no longer log in to your account. Installing the app on a new phone does not help, because the app is linked to the device that is broken or lost. You can also lose other 2FA methods, such as a hardware key. In all these cases, you can no longer log in to your account, unless you have set up a recovery method beforehand.
Recovery codes
Choosing an authenticator app? Then also check how to restore the app. There are several ways to do this. Some apps give you a backup in the cloud or work with recovery codes. You write down such a code and keep it in a safe place, such as a safe. Does your phone break? Then use the recovery code to link your authenticator app to a new device.
Do you opt for 2FA methods such as a hardware key or a smart card? Even then, make sure you have a recovery plan. This could be a recovery code or another 2FA method such as an authenticator app. Have you lost the hardware key or smart card? Then log in via the authenticator app and immediately disable the lost device as a login method. This prevents misuse. Then, if necessary, link a new key to your account via the recovery code.
Never 100% safe
There is no such thing as completely secure. Things can also go wrong with 2FA. A cybercriminal can, for example, intercept your username, password, and 2FA code via a fake website. They can then hack into your account.
However, an account with 2FA is always safer than one without. In 2023, this was therefore the security measure most frequently implemented by entrepreneurs. Software and online service providers also know that 2FA is more secure. Two-step verification is therefore possible on more and more accounts. Take advantage of this.
2FA on your own website
Do you have your own website or webshop where customers log in? That too is safer with 2FA. How you activate 2FA for your customers depends on the platform your website or webshop runs on, and on whether you manage that software yourself.
Managed by yourself
Do you manage your own website with a content management system (CMS) such as WordPress, Joomla, or Drupal? Or do you have a webshop on an e-commerce platform such as Shopify, Wix, or Lightspeed? If so, check the settings of that software and enable 2FA for your customers. There are also often plugins available that enable 2FA on these platforms. How exactly to set this up can be found online.
Managed by someone else
Does an IT supplier or web builder manage your website or webshop? Then ask them to enable 2FA for your customers. Or to install a plugin that enables 2FA for them.