MAJILLO VIRTUAL

The importance of protecting accounts on the Internet cannot be overstated. There are many tools that a user can utilize that can help with security. One of those tools, LastPass, has been described in a previous post for generating strong passwords. What happens, however, if someone is able to gain access to a user’s password despite the user’s best effort to protect password information?

This is where two-factor authentication (2FA) can really be a significant upgrade to online account security. If a nefarious character is able to get someone’s password, they will not be able to log in to accounts with 2FA because they will require another code to access the account. The code is randomly generated with every use and is usually associated with a user’s mobile phone. This next level of security assumes, of course, that a user will have their cell phone in their possession and will have it locked out to everyone but themselves in case they lose it.

Two-factor authentication can be enabled utilizing different methods, depending on the organization, company, bank, etc that implements two-factor authentication for their users. Some of the common methods users may come across are the following:

1. Once logged in to an account with a user password, the user will not be granted access until they enter a code that is sent to their mobile phone via text message.

2. Once logged in to an account with a user password, the user will not be granted access until they enter a code that they receive from an automated phone call.

3. Once logged in to an account with a user password, the user will not be granted access until they enter a code generated by a token imported into an application, usually on a mobile phone, that stores the token for a particular account.

Methods 1 and 2 are pretty common among many accounts that users have, particularly with financial institutions. The reason being that the concept is pretty straight forward: log in with your password, get a code from a text or phone call, enter it in the text box provided on the web page, and the user gets access. Method 3 is a little different and requires more set up than the first two methods, but is also relatively easy to get going.

Method 3 is an option for those accounts that actually provide a token to be used by their users. Facebook has this option and will be used as an example. The steps are similar for other accounts. The preliminary step in configuring 2FA using a token is to download a 2FA app for your mobile phone. The app I use is a free app called FreeOTP. This app can be downloaded from the Google Play Store or the Apple App Store. Below is a screenshot from my Android phone:

Once FreeOTP is downloaded, look for its icon in your myriad of apps on your mobile device. The icon will look like this:

Assuming that you have a Facebook account, sign in to your account with your password.

1. Click the downward pointing arrow in the top right corner of your page and click Settings.

   

2. On the next Facebook page, click the Security and Login option in the left menu.

   

3. Next, scroll down for the Use two-factor authentication option and click Edit.

   

4. You will be presented with the page below. Select the “Use Authentication App” option.

   

5. Once clicked, the Use Authentication App button will display a pop-up window with a QR Code. Open FreeOTP on your mobile device. Click the QR Code icon in FreeOTP on the top right of the app’s window. The camera scanner will turn on.

6. Hold up the camera to the QR Code presented by the Facebook page. The mobile device’s camera will scan the QR Code and you will get a new row added to your FreeOTP app with your username.

7. Facebook will then ask you to generate a code. Using FreeOTP click the FreeOTP icon to the left of your username. It will generate the code. Enter the code into the Facebook prompt. One thing to notice is there is a timer on the code generator. If you do not enter the code before the timer is up in FreeOTP, you will need to repeat this step.

8. Congratulations! You now have 2FA enabled for Facebook. This process is similar for other accounts. When you log out of Facebook and attempt to log in again, enter your username and password as usual. When you get access, Facebook will ask you to generate the code. Open FreeOTP and follow step 7.

If you have questions or comments about 2FA, please feel free to contact MaJillo Virtual! Thanks for reading!