Using 2FA can mean getting a one-time use code sent to your phone via text or app, or using a physical token, like a security key. The setup and use of 2FA adds a small amount of complexity, but ensures that even if someone obtains your password, they will not be able to log in to your account unless they also have your 2FA device.
There are several different types of second factors, each with benefits and drawbacks. Security keys are the most secure option and offer a better user experience. If you can afford to use a security key, you should. For most users, we recommend using a free app on your smartphone to generate your one-time passcodes. This option strikes a good balance between security and cost.
In some cases, your 2FA options will be limited by what your account provider offers. This website shows the types of 2FA used by different services: https://twofactorauth.org
|
Not Recommended |
Cost-effective recommendation |
Most secure recommendation |
2FA Type |
Code sent via text message or email |
Code generated by app on smartphone |
Security Key |
Examples |
N/A |
Authy, Duo, Google Authenticator, etc |
U2F security keys from Yubikey, Feitian, etc |
Benefits |
|
|
|
Drawbacks |
|
|
|
Cost |
Free (with an existing unlimited text message plan) |
Free (when used on an existing mobile device) |
About $15-20 / key |
How to access Second Factor |
N/A |
While any of the apps mentioned in the table above will work, we recommend Authy or Duo Mobile. Each offers a good user experience and broad user community. You can most likely enable 2FA for many of your online accounts using either app. Because email typically holds a large amount of sensitive information and can often be used to access your other accounts, it's good to start by enabling two factor authentication for your email account.
Additional info:
- Using Authy to enable 2FA on your Gmail or G Suite account
- Using Authy to enable 2FA on your Microsoft or Office 365 account
- Using Duo Mobile to enable 2FA for your accounts
For help setting up your 2FA app or security key, request an online training.
Comments
0 comments