Guide to Choosing a Second Factor

Follow

Using 2FA can mean getting a one-time use code sent to your phone via text or app, or using a physical token, like a security key. The setup and use of 2FA adds a small amount of complexity, but ensures that even if someone obtains your password, they will not be able to log in to your account unless they also have your 2FA device.

There are several different types of second factors, each with benefits and drawbacks. Security keys are the most secure option and offer a better user experience. If you can afford to use a security key, you should. For most users, we recommend using a free app on your smartphone to generate your one-time passcodes. This option strikes a good balance between security and cost.

In some cases, your 2FA options will be limited by what your account provider offers. This website shows the types of 2FA used by different services: https://twofactorauth.org

	Not Recommended	Cost-effective recommendation	Most secure recommendation
2FA Type	Code sent via text   message or email	Code generated by    app on smartphone	Security Key
Examples	N/A	Authy, Duo, Google  Authenticator, etc	U2F security keys from Yubikey, Feitian, etc
Benefits	Easy to set up Free	Easy to set up Free	Easy to setup and use Most secure option
Drawbacks	Vulnerable to phishing and phone / email intercept attacks Users must copy six digits each login	Vulnerable to phishing Users must copy six digits each login	Cost May be easier to lose/forget than your phone
Cost	Free (with an existing unlimited text message plan)	Free (when used on an existing mobile device)	About $15-20 / key
How to access Second Factor	N/A	Authy Duo Mobile	Yubikey Feitain

 

While any of the apps mentioned in the table above will work, we recommend Authy or Duo Mobile. Each offers a good user experience and broad user community. You can most likely enable 2FA for many of your online accounts using either app. Because email typically holds a large amount of sensitive information and can often be used to access your other accounts, it's good to start by enabling two factor authentication for your email account.

Additional info:

• Using Authy to enable 2FA on your Gmail or G Suite account
• Using Authy to enable 2FA on your Microsoft or Office 365 account 
• Using Duo Mobile to enable 2FA for your accounts 

For help setting up your 2FA app or security key, request an online training.