Two Factor Authentication (commonly abbreviated as 2FA) is a form of multi-factor authentication whereby a user must go through two stages of security before being granted access to an account or system. 2FA increases the safety of online accounts by removing a single point of failure or access to an account, and instead requiring a combination of a password, fingerprint, a one time password (OTP) or pin number, before they log in.
Understanding Two Factor Authentication
2FA is designed to remove the single point of failure of one password being known by another individual to gain access to another's account.
Two Factor Authentication typically comes in a few options:
- OTP or One Time Password - this is a password generated by your smart phone that is 6 digits long, and changes every 30 seconds. This would require you to have access to your phone at the same time of logging in to be able to enter the unique code.
- Hardware Authentication - Found in a NitroKey/YubiKey, these are typically USB devices connected to your smart phone or computer, that upon touching them, generate a unique FIDO-based public/private key pair to authenticate.
- SMS Notification - A one time code that is sent to your phone via an SMS/text message for you to use.
Why use 2FA?
With data breaches leaking a staggering number of username and password combinations happening more frequently in this decade (January 17th of this year saw a 2.2 billion unique username and password leak), there’s no better time to enable a second layer of protection on your account than now. Users may be at greater risk of compromised passwords than they realize, particularly if the same password is used on more than one website.
Although 2FA adds an additional step as part of the login process, and therefore does take a few extra seconds, it’s certainly recommended to enable 2FA wherever possible, to your email addresses, bank accounts, mobile phone accounts, social media, etc. Here at Krystal, our 2FA system we have built into your client area requires you to link up a mobile device to your account. When you login and enter your password, you need to open your 2FA app of choice on your smart phone and confirm your one time password, a 6 digit code that changes every 30 seconds.
Do Krystal use 2FA?
We certainly do! All of our system critical systems have a multi-factor authentication option available to them for our staff to ensure your data and systems are secure. We also use a variety of different methods of 2FA through the use of YubiKeys, hardware based authentication devices, as well as phone based one-time passwords. We feel that the extra second it may take to login is worth it to ensure our services and your data is secure.
Staying safe online is only increasing in importance as more services and businesses move onto online only solutions. We’d recommend enabling 2FA with us here at Krystal and have created a guide on how to do so, just by following these few steps.
If you have any questions about 2FA, our support team are available 24/7. You can get in touch with us via support ticket, live chat or telephone, here.