Whether it’s for accessing Facebook, Amazon, your bank account or your cryptocurrency wallet, two-factor authentication is vital! It’s good to enable it whenever possible and, better yet, to enable strong authentication if it’s available.
If you regularly make purchases on the Internet, it is likely that your bank has activated the following system: before validating a payment, a code is sent to your phone. You must enter this code online so that the payment can take place.
This system – two-factor authentication or 2FA – is the simplest solution found to date to the shortcomings of the password system.
Password protection has had its day
It all started with an observation: the password system has had its day. It has too many weaknesses to offer absolute security.
- First, a large number of users use expressions that hackers can easily “crack”. Every year, Splashdata publishes the list of the 25 most used passwords. We can hardly believe it but the reality is there, the number 1 of the lot is: “123456”. Number 2 is barely more complex: “123456789”. And # 3 is “QWERTY,” which is the first six letters of an American keyboard.
- It is also common for users to use combinations that are easy to guess. Example: Claude Dubois, born January 24, 1984, will have the password: “CD240184”.
- Even when the password is more complex, hackers have developed a large number of techniques to get users to reveal their password in spite of themselves. One of these methods is phishing, that is, a site which faithfully reproduces the interface of a well-known site.
- Another method is to plant a keylogger on a user's computer, that is, a program that records what the user types on the keyboard.
- It is common for databases to be hacked and for hackers to gain access to the passwords of a large number of users. In September 2018, was forced to reveal that a security breach had compromised 50 million accounts, including 200,000 in France.
The need for alternatives to passwords
To remedy the weaknesses of the password system, many systems have been devised.
- If you have an iPhone, you know that Apple has opted for biometrics (the recognition of physical attributes) as the key that unlocks your device: first the fingerprint and, more recently, facial identification.
- Password managers create ultra-complex and different passwords for each site visited, and supply them automatically on each visit.
- Protection systems involving a physical key have been developed, such as the YubiKey by Yubico. In the cryptocurrency sector, the French company Ledger offers a key of this type, which stores all access to wallets and exchanges (marketplaces).
- Some companies are working, in partnership with companies such as Visa or Mastercard, on a universal alternative that would be used on the Web.
However, two-factor authentication is the simplest system. It has been put in place by a large number of Web players, in particular banks, and for good reason: the second European Directive on payment services, in force since January 13, 2018 – and aimed at strengthening the security of online payments – advocates the use of two-factor authentication by payment service providers.
On sites such as Facebook or Amazon, it is up to the user to take the step of activating two-factor authentication – it is not offered by default. Be aware that this system is sometimes called “two-step verification”.
How does it work?
Two-factor authentication (2FA) works like this. If an intruder tries to gain access to your wallet, your Cloud, or your Twitter or Amazon account from an unusual device, a security code is sent by SMS, to an e-mail address or, sometimes, to an authenticator application. This code must be typed in before it is possible to proceed.
So even then, even if you would uselittle , it will be impossible for a hacker to enter your account or carry out financial transactions.
In addition, receiving a code requesting access to your Facebook or Amazon may alert you that someone has “cracked” your password, which alerts you to the need to change it immediately.
Even more important is the need for 2FA if you are managing a cryptocurrency account. Many exchanges – this is particularly the case of Binance or Coinbase – require this authentication before authorizing a transfer of crypto-assets to an external address. In addition, on a site such as Binance, you can also protect access to your account by scanning a barcode from the corresponding mobile application.
In order to protect their users against any risk of scams, a large number of cryptocurrency-related applications may require enhanced verification. For example, on Binance, it is possible to require a higher level authentication:
- sending an SMS to a mobile phone;
- validation via an authentication application such as Google Authenticator, which must be launched on the user's phone.
Result: it is necessary to type two codes to authorize a transaction. Whenever such an option is offered, it must be activated. It would be too bad to see a wallet emptied of its assets following an intrusion.
If you have the choice, it is better to adopt validation via an authenticator app than via SMS. An SMS message could be intercepted by a zealous hacker, while an authenticator app enjoys a higher level of security. However, the ideal is to activate both.
Also, sometimes the Google Authentication app will just ask you to hit the “Yes” key in response to a question such as: “Are you trying to sign in?”. The validation is therefore fast, but efficient. In particular, Google may request this verification each time you connect to Google Sheets or another Google app from an unusual device. In fact, Google considers this protection so important that since November 2021, the company has decided to impose it on two million account owners and intends to extend it to various Google accounts.
We can only advise you to take advantage of these various authentication systems. It doesn’t matter if you lose a little time providing these keys each time. The security of your accounts is at stake. Those who have had their Facebook hacked can easily testify to what they suffered as a result.