Accounts now need a second layer of security, which is why two-factor authentication was introduced.
Using a password has been the main point of entry for website accounts since the dawn of the internet, becoming the standard in internet security. Except that now, computer hacking, phishing scams, and social engineering has increased to the point where passwords, which can be guessed or stolen, are no longer the most secure method of security on their own.
What is two-factor authentication?
Two-Factor Authentication (2FA) has become a routine security measure to protect online accounts by requiring more than just a traditional username and password. 2FA is a method of confirming the account owner's identity by using two different factors of entry. In order to log in, you need to "know" something (such as a password), and you need to "have" something that no-one else has (such as a generated token or fingerprint).
How does two-factor authentication work?
The most common types of two-factor authentication systems will ask the user to first input their password. Once the password has been validated, the system will generate a one-time, time-sensitive token that is sent to the user's cell-phone. The user then enters the token that was generated and sent to them and access to the account will be granted to them.
Using this token, the user can authenticate their login session and gain access to their account. Let's say you log in to your Gmail account. It will ask you for a password and will also ask you to enter a pin-code that was sent to your phone. That way if someone steals your password, they would also need to steal your cell-phone.
Methods of two-factor authentication
2FA doesn’t necessarily need to use your cellphone to generate a token, other examples of methods of authentication include fingerprint ID, facial recognition, or a keycard. Another popular method of two-factor that is being implemented in businesses today is token generator apps, such as Google Authenticator.
Why your business should consider using 2FA
Currently, two-factor authentication is one of the most effective methods of reducing your risk of a security breach due to an account takeover. Enabling two-factor on your personal accounts that involve important information and payment details are important in protecting yourself from fraud and identity theft. It’s not 100% secure, but it is an important step in increasing the security for your customers and protecting your business' brand and reputation.
When is 2FA required?
To use 2FA you need to enable it. Many online services and businesses (including Helcim) now offer the option to enable 2FA. In general, 2FA is recommended, and sometimes required to be enabled for any account that contains sensitive data or that could be used to access other accounts (such as email or social media).
How to enable and set up two-factor authentication?
You can customize your user settings from your Helcim dashboard to enable 2FA — Simply follow the steps below or visit our support article for more information:
- On your Helcim dashboard, click on your user icon on the bottom left hand corner of the screen
- Click on your name
- Select “Security Settings” on the menu on the left hand side
- Toggle on “Two-Factor Authentication”
- Select “SMS” as your “Two-Factor Method”
- Make sure you have the correct cell phone number in the “Security Verification” section at the top of the page
- Hit “Save” and you’ll be prompted to enter your Helcim password And you’re set!
What is Google Sign-In and can it be used with 2FA?
You might have seen a "Continue with Google" button on a sign-in page lately . This is another secure method of signing in which can be combined with 2FA.
Rather than entering your login information for your account (and remembering another password) you will either be prompted to enter your Google credentials, or if you are already logged in to your Google account from the device, you can select an associated Google account which will log you in. From there, if two-factor authentication is enabled, a token will be generated and sent to a verified device as usual.