Episode 2

Published on: 15th Aug 2023

Ep2: Securing Logins with Two-Factor Authentication

In this episode of The Byte-Sized Security Podcast, host Marc David speaks with returning expert Nancy Doe about how two-factor authentication enhances login security. They discuss:

  • What 2FA is and how it requires both a password and a secondary code or factor to log in
  • Real-world examples of using an authenticator app or text code as the second factor
  • Benefits of 2FA like blocking hackers even if passwords are stolen
  • Tips for enabling 2FA on email, banking, social media, and sensitive accounts
  • Setting up backup codes and recovery options to avoid lockout
  • Emerging authentication methods like biometrics and security keys
  • Why adding 2FA is one of the top steps you can take to lock down accounts

To learn more about two-factor authentication and other practical online security techniques, visit The Byte-Sized Security Podcast website at bytesizedsecurity.show. See you next week when we cover how to spot and avoid phishing attacks. Thanks for listening!

2FA Directory:

https://2fa.directory/us/

Transcript
Marc:

Welcome back to the Byte-Sized Security Podcast, your source for practical cybersecurity advice. I'm your host, Marc David. With new account breaches in the news weekly, it's clear relying on passwords alone is not enough to protect our online identities. That's why today I'll be talking with returning expert Nancy Doe about how two-factor authentication takes login security to the next level. Stay tuned to learn how two-factor authentication works and simple ways to start using it in your important accounts. Nancy, thanks for joining me again.

Nancy:

Happy to be here. It's such a pleasure talking information security that hopefully makes a difference in somebody's life who's out there listening.

Marc:

To start off, can you explain what two-factor authentication is?

Nancy:

Sure. Two-factor authentication, or 2FA, is a method for confirming a user's identity that requires two different forms of evidence before granting access. Typically this involves something you know, like a password, along with something you have, like a generated code from an authentication app or a security key. Requiring both factors verifies the person signing in is who they claim to be.

Marc:

So adding that second factor definitely seems more secure than relying on passwords alone. Walk us through what two-factor authentication looks like in practice.

Nancy:

Definitely. Let's say you want to log into your email. You enter your username and password as usual - that's the first “what you know” factor. But instead of immediately getting into your account, you'll then be prompted for the second factor. This could be a 6-digit one-time code generated from an authentication app you've installed on your phone, like Authy or Google Authenticator. You open the app, grab the current code, and enter it to complete login.

Marc:

And that unique code changes continually so it can't be reused. What other options are there for the second factor?

Nancy:

Right, it's a one-time code just for that session. Other options include getting the code texted to your phone, using a hardware security key that plugs into your computer, or tapping a notification on your phone to approve the sign-in. The key is requiring something in addition to your static password.

Marc:

Definitely more secure. What are the main benefits companies and users get from 2FA?

Nancy:

There are a few big upsides. It blocks hackers and thieves who manage to steal a password, since they won't have the second factor to complete access. It prevents automated bots from breaching accounts using lists of leaked credentials. It alerts you to login attempts from unknown devices. And it gives users peace of mind knowing their accounts have extra protection. Enabling 2FA is one of the top steps companies and individuals can take to improve login security.

Marc:

Are there any downsides to be aware of?

Nancy:

There's a small amount of additional friction since you need both factors to sign in. Occasionally the two-factor authentication code can expire on your phone before entering it. You also want to make sure you don't lose access to your second factor. But overall the added security far outweighs these minor inconveniences.

Marc:

What advice do you have for listeners looking to start using 2FA? Should they enable it everywhere?

Nancy:

I would recommend starting by enabling 2FA on accounts where a breach would be most damaging - like email, banking, and social media. Also use it for any sites that store your financial data or sensitive information. From there, you can expand to other logins as well. As for which method to use, authentication apps tend to be the most secure and convenient option. A great start is the 2 Factor Directory at 2fa.directory. This website shows different categories of web sites that can support 2FA, if 2 factor can be enabled, and then step-by-step instructions on how to enable 2 factor authentication for each site. It's absolutely one to visit and bookmark. Check the show notes for a link to this site.

Marc:

If someone is nervous about getting locked out if they lose a device, what's the solution?

Nancy:

Excellent point. It's smart to set up backup two-factor authentication methods you can use to recover access, like printing out one-time use backup codes or setting up a secondary authentication app. And confirm that account recovery options like phone numbers are up-to-date. But the small risk of temporary lockout is still far preferable to the huge risk of a breach.

Marc:

Great overview of how to smartly implement 2FA. Before we wrap up, what emerging authentication trends are on the horizon?

Nancy:

Biometrics like fingerprint, face, or iris scanning offer a convenient second factor tied to a physical characteristic. Security keys that confirm logins after tapping them are also growing in use. And passwordless methods like sending a link or code to your phone could complement 2FA in the future. But for most purposes right now, standard 2FA is a huge step up in account security.

Marc:

Excellent advice for listeners looking to lock down their online accounts. Thank you, Nancy, for shedding light on two-factor authentication!

Nancy:

My pleasure, Marc.

Marc:

Thanks for joining us for this episode, explaining the power of two-factor authentication to block unauthorized access. Enable two-factor authentication on important logins for serious peace of mind. Visit bytesizedsecurity.show to learn more ways to boost your online security.

About the Podcast

Byte Sized Security
Snackable advice on cyber security best practices tailored for professionals on the go
In a world where cyberattacks are becoming more commonplace, we all need to be vigilant about protecting our digital lives, whether at home or at work. Byte Sized Security is the podcast that provides snackable advice on cybersecurity best practices tailored for professionals on the go.

Hosted by information security expert, Marc David, each 15-20 minute episode provides actionable guidance to help listeners safeguard their devices, data, and organizations against online threats. With new episodes released every Monday, Byte Sized Security covers topics like social engineering, password management, multi-factor authentication, security awareness training, regulatory compliance, incident response, and more.

Whether you're an IT professional, small business owner, developer, or just someone interested in learning more about cybersecurity, Byte Sized Security is the quick, easy way to pick up useful tips and insights you can immediately put into practice. The clear, jargon-free advice is perfect for listening on your commute, during a lunch break, or working out.

Visit bytesizedsecurity.com to access episodes and show notes with key takeaways and links to useful resources mentioned in each episode. Don't let cybercriminals catch you off guard - get smart, fast with Byte Sized Security! Tune in to boost your cybersecurity knowledge and help secure your part of cyberspace.

About your host

Marc David

Marc David is a Certified Information Systems Security Professional (CISSP) and the host of the cybersecurity podcast, Byte-Sized Security. He has over 15 years of experience in the information security field, specializing in network security, cloud security, and security awareness training. Marc is an engaging speaker and teacher with a passion for demystifying complex security topics. He got his start in security as a software developer for encrypted messaging platforms. Over his career, Marc has held security leadership roles at tech companies like Radius Networks and Vanco Payment Solutions. He now runs his own cybersecurity consulting and training firm helping businesses and individuals implement practical security controls. When he’s not hosting his popular security podcast, you can find Marc speaking at industry conferences or volunteering to teach kids cyber safety. Marc lives with his family outside of Boston where he also enjoys running, reading, and hiking.