Google calls it 2 Step Verification. 2FA is a simple-to-implement security setting that can and will protect most of your online accounts.
It is based on one rule: in order to access your account you need to know something (name and password) and have something (a trusted device like a smartphone to verify you are who you say you are). This combination secures your account to a much higher level.
- Ah ha ha! You clicked on this video because you wanna learn more about 2FA, two-factor authentication. You're wondering if it's something that you should be using. I think you should, and I will show you why and what it is today on Dotto Tech. Steve Dotto here, how the heck you doing this fine day? Today we're gonna dive in and take a look at a really important security tool that we all have access to, and more of us should be using. It's called two-factor authentication and you'll see it often in websites called 2FA, standing for two-factor authentication. Now, unfortunately, there's a little bit of confusion, 'cause our friends at Google don't call it two-factor authentication. Instead, they like to call it two-step verification. I don't know why they do that, but it's the same thing. Here's the basic premise of 2FA or two-step verification. It is you have two different pieces of information that are needed to access your account. Actually, there's probably three, but you have to actively take two steps. Typically speaking, you go to sign in to an account. Let's say it's your Gmail account. You go to sign in on your computer. You have, of course, your username, and you have your password. That's the normal way that we enter and we log into any website or any service. The two-step verification, or the two-factor authentication, comes because we need another piece of information that only we can have. And, typically speaking, that's gonna be our smartphone, but it can also be things like a dongle or some other piece of hardware, or even another piece of software that only we have access to and that will verify that we are, indeed, the person who should be signing into the account. The premise is that if your information gets stolen, if a website gets hacked and your username and password get stolen, then people, theoretically, have the keys to your entire kingdom. 
However, if you've got your smartphone with you and they don't, and they try and log in and your accounts are protected through 2FA, then it does them no good, because they can't get in unless they have the real key to the kingdom, which is the second factor in the two-factor authentication. So, that's where the two steps come in. I think I should just show you how it all kind of comes together, with a quick demonstration. I'm gonna sign into an account that I have, that I've enabled two-factor authentication for. Then, after this, I'll take you back and I'll show you how you set it up, for example, in your Google account. But lemme show you how I sign into my Stripe account. Stripe is an online payment system. Of course, security's really important with any financial applications. Now, when I go to sign in, you see what happened there is I clicked on my account, having my account name and my password put into the fields, and it says, wait a minute, what's your verification code? It's asking for my two-factor authentication code, and it is on my smartphone. So, on my phone, if I go into my security settings, I've got something called Authenticator. It's a Google app which I install on my smartphone, which gives me codes for each of the different services that I sign into using two-factor authentication with Google, and you can see, there, there's my Google one, there's my Stripe one, and there's my Facebook one, all listed up there. So, those are the accounts that I use two-factor authentication for. Oh, do you notice, it just changed color, and then the number changed? That's because there's a little bit of a fudge factor, as far as there's a refresh cycle for each of them, and you can see the clock kinda counting down. So, let's quickly enter it before we run out of time. Let's enter our code, it's 781 741. 
You notice that I'm not really worried about you seeing these codes, because these are randomly generated as we go, and by putting in that code on my smartphone, which only I have access to, because it's synced, the clocks are synced, or the information is synced between Google Authenticator and the authentication server for the website, it then lets me into my account and gives me access. That's the beauty of two-factor authentication, is only you have the second tool that is required to get you into your service. Now, this isn't gonna be 100%. I know people are gonna post comments in our comments, saying, "Oh, you know, nothing is 100% secure, people could still, they could spoof, because it's based on the mobility system, people can spoof your phone number and they can still get a text code and they can still get into your account." Yes, nothing is 1000% secure, but, this is going to eliminate the vast, vast, vast majority of issues with people being able to hack into your account. Now, the two-factor authenticator, the Authenticator app that I have running here on my smartphone, there's a variety of different tools that you can use. Google has their Authenticator, there's another authenticator from LastPass, which is the password and security tool that I have, which would work very well, and there are other tools available, if you don't wanna use Google's tool. Now, the authenticator apps are just one method that you can use for the two-factor authentication, because it's not, it doesn't rely, always, on that app. You could also use a piece of hardware, such as, we've got, if you're an Android user, you can use something like the YubiKey, which is a two-factor authentication dongle, which will plug into computer's USB port or USB-C port and give you a hardware verification that you are the person that should be signing in, and this one also has, this particular model here also has NFC, or the near-field communication capability.
Just putting it near your phone can actually unlock whatever site it is you're trying to get into. That doesn't work in iOS, because of some extra security measures that are built into Apple's operating system, but they're, here, we see the second factor being a dongle, or a hardware dongle, or a key to get you in. Now, if you've not yet enabled two-factor authentication, it's gonna be found in the security settings for most of your different accounts that you have, and let's start with Google, 'cause a lot of people will set up their Google account as their very first two-factor authentication secured account. If you go into your Google account, you do that by clicking under your icon when you're in any Google site. In Gmail or Google Calendar, or you can just go into your Google account. There, you find the security tab, and right there, at the very top, you have two-step verification being enabled. Now, mine is obviously turned on. If you click on this pop-up, and then you see that the second step for two-step verification gives you, in my case, I've got three options here. It might look slightly different, depending on what country you're in, but mine is three. One is a Google prompt. The second is the authenticator app, and the third is sending an actual message, either by voice or by text, to a smartphone. So, those are the three different second factors that I can use if I'm setting up my Google account. Now, there's, if I'm using the Google Authenticator app, I turn it on here and we sync it back and forth. Actually, it'll sync, it'll actually sync using a QR code that you just point your phone and point it at the screen, and use a QR code in order to create the sync, but they also have something called the Google prompt, which is pretty cool. What'll happen is, it'll send you a message, and it comes as an email, like in Gmail, saying, is this you that's signing in?
And you just say yes, right within the message that comes to you on your phone, and then it recognizes and then allows you in. So, it bypasses the need to enter those six digit codes, but instead, it sends a message to the trusted device, the second factor, which is your smartphone, and then asks to be able to log into the account. Regardless of which of these techniques you decide you want to use, I really heartily encourage you all to set up two-factor authentication for all of your critical accounts. It's a small step, as far as the amount of effort that it takes on your part, takes a little bit of learning, but as you've seen here, it's not that complicated. But it adds a tremendously aggressive second level of security to all of your accounts. Now, this doesn't mean that you don't have to constantly change your passwords and keep good quality passwords and not use the same password on any two platforms. All of those rules are still in place. Two-factor authentication doesn't replace any of those. Instead, it augments your security, adding an extra level of security to help keep us safe in this ever more dangerous world. If you found today's video to be useful, I have a favor to ask of you. Please give us a like and share this video with somebody who you think could improve their security. It's a little subtle message saying, hey, let's all be safe out there. It's a dangerous world. Make sure that you've also subscribed to this channel and ring that notification bell, so you hear when we upload new videos at Dotto Tech. Looking forward to your comments and suggestions. 'Til next time, I am Steve Dotto. Have fun stormin' the castle!