Two-factor authentication

By Martin Edwards

Last updated December 2017

Think about chip and PIN. It makes your bank account more secure because you need two different things to use your debit card:

• Something you have (the card)
• Something you know (the PIN)

Before this, just having the card was enough, so anyone who obtained your card could make payments (assuming they could roughly imitate your signature).

Chip and PIN is the most familiar form of two-factor authentication. But companies are gradually adopting a similar approach for online accounts too. If you have Gmail, Outlook.com (formerly Hotmail), a Microsoft account or an Apple ID, you should consider two-factor authentication because it greatly increases security. Many other companies offer it too.

Instead of a card, your phone is used as the ‘thing you have’. The first time you sign into your account from a particular computer, after entering your password, the company sends you a text or calls you with a one-off code. Receiving this code proves your possession of the phone. You type in the code on the computer and get into the account. Typically, the company remembers this particular computer so you don’t have to repeat the process each time.

Now consider that a hacker guesses your password, or tricks you into revealing it via a scam phone call or bogus website. Their goal is to access your account from their own computer. They get through the password stage, but because their computer is unfamiliar to the account, they get asked for a one-off code. They can’t receive this because they don’t have your phone! Their effort is thwarted.

Two-factor authentication is a massive step forward for security, for only a little extra work for you. Once you’ve set it up, it will go a long way to keeping hackers out, without inconveniencing you on a day-to-day basis.

Note: Google (Gmail) and Microsoft (Outlook.com, Hotmail) refer to two-factor authentication as two-step verification. It’s the same thing.

What if you lose your phone?

Good point! First, it’s a good idea to have more than one phone registered, if possible. These may include your mobile, landline, or a partner or friend’s phone. You might also be able to install an app on your tablet which can generate codes. In the case of Apple, your computer can be registered to receive codes. And with Google, you can print out 10 emergency codes to hide in a drawer somewhere or take with you travelling.

Need help?

I’m a computer technician and tutor serving North Oxford, Kidlington, Woodstock and the surrounding villages. Visit my home page to find out more and get in touch.