Two-factor authentication, or 2FA for short, is an additional layer of security that I recommend adding to your most precious internet accounts, for example your email account, password managers and banks. 2FA can also be called ‘multifactor authentication’. Securing a web account with just a password ‘should’ be OK, but we have seen many cases where security has been implemented badly and passwords are weak or leaked. A recent example was in May 2018, when Twitter asked all of its 300+ million users to change their passwords after it established that its event logging system was recording passwords in clear text before the passwords had been encrypted. It was an internal event logging system, so Twitter recommended a password update as a precaution… just in case!

What 2FA does is prompt for an additional security code rather than relying on just a password (something you know). 2FA can be achieved with a soft or hard token (something you have) or using a fingerprint (something you are). A soft token is software installed on something you have (a phone), whereas a hard token is a device whose sole job is to be a token (a key fob). Both types of token display a set of numbers used in addition to your password to log in.

A popular soft token is Google Authenticator, which uses a time-based one-time password algorithm and can be installed on a mobile, so you always have it with you (if you have your mobile with you). Hard tokens provide additional security by being a physical device rather than software, so it’s a combination of something you have (physical) as well as something you know (password). Yubikey is an example of a hard token. It makes the authentication process quicker, as you don’t have to type in any numbers, just touch the token, but you must have it with you, and the devices typically cost between £20 and £60, compared to Google Authenticator, which is free.

Some websites use SMS text messages for their two-factor authentication. If there is an option to choose SMS or Google Authenticator… choose Google Authenticator! The mobile networks have no authentication or encryption, so it is possible for mobile numbers and texts to be intercepted or spoofed. Having said that, two-factor SMS still provides extra security compared to just a password!

It’s fairly easy to set up 2FA: start by installing the Google Authenticator app on your mobile, then, if you have a Google account, follow their set-up guide. For other accounts you could use  which has collated a list of the most popular sites enabled for 2FA.

Article Author.

Jennie Cleal

Senior Consultant - Information Security