|
|
Edited by Dinesh Vishwakarma at 2019-04-11 14:54
[strong]How to choose the right level of security for every account[/strong][strong]?[/strong][br][br]
[br][br]If you aren’t already protecting your most personal accounts with two-factor or two-step authentication, you should be. An extra line of defense that’s tougher than the strongest password, 2FA is extremely important to blocking hacks and attacks on your personal data. If you don’t quite understand what it is, we’ve broken it all down for you.[br][br][strong]Two-factor-authentication: [/strong][br][br][strong]What it is[/strong][strong]?[/strong][br][br]Two-factor authentication is basically a combination of two of the following factors:[br][br]Something you know[br][br]Something you have[br][br]Something you are[br][br]Something you know is your password, so 2FA always starts there. Rather than let you into your account once your password is entered, however, two-factor authentication requires a second set of credentials, like when the DMV wants your license and a utility bill. So that’s where factors 2 and 3 come into play. Something you have is your phone or another device, while something you are is your face, irises, or fingerprint. If you can't provide authentication beyond the password alone, you won't be allowed into the service you're trying to log into.[br][br]So there are several options for the second factor: SMS, authenticator apps, Bluetooth-, USB-, and NFC-based security keys, and biometrics. So let’s take a look at your options so you can decide which is best for you.[br][br][strong]Two-factor-authentication: SMS[/strong][br][br][br]
[br]When you choose SMS-based 2FA, all you need is a mobile phone number.[br][br][strong]What it is:[/strong] The most common “something you have” second authentication method is SMS. A service will send a text to your phone with a numerical code, which then needs to be typed into the field provided. If the codes match, your identification is verified and access is granted.[br][br][strong]How to set it up:[/strong] Nearly every two-factor authentication system uses SMS by default, so there isn’t much to do beyond flipping the toggle or switch to turn on 2FA on the chosen account. Depending on the app or service, you’ll find it somewhere in settings, under Security if the tab exists. Once activated you’ll need to enter your password and a mobile phone number.[br][br][strong]How it works:[/strong] When you turn on SMS-based authentication, you’ll receive a code via text that you’ll need to enter after you type your password. That protects you against someone randomly logging into your account from somewhere else, since your password alone in useless without the code. While some apps and services solely rely on SMS-based 2FA, many of them offer numerous options, even if SMS is selected by default.[br][br]
[br][br]With SMS-based authentication, you’ll get a code via text that will allow access to your account.[br][br][strong]How secure it is:[/strong] By definition, SMS authentication is the least secure method of two-factor authentication. Your phone can be cloned or just plain stolen, SMS messages can be intercepted, and by nature most default messaging apps aren’t encrypted. So the code that’s sent to you could possibly fall into someone’s hands other than yours. It's unlikely to be an issue unless you're a valuable target, however. [br][br][strong]How convenient it is:[/strong] Very. You’re likely to always have your phone within reach, so the second authentication is super convenient, especially if the account you’re signing into is on your phone.[br][br][strong]Should you use it?[/strong] Any two-factor authentication is better than none, but if you’re serious about security, SMS won’t cut it.[br][br][strong]Two-factor authentication: Universal second factor (security key)[/strong][br][br]
[br][br]As their name implies, Security keys are the most secure way to lock down your account.[br][br][strong]What it is:[/strong] Unlike SMS- and authenticator-based 2FA, universal second factor is truly a “something you have” method of protecting your accounts. Instead of a digital code, the second factor is a hardware-based security key. You’ll need to order a physical key to use it, which will connect to your phone or PC via USB, NFC, or Bluetooth.[br][br]You can buy a Titan Security Key Bundle from Google for $50, which includes a USB-A security key and a Bluetooth security key along with a USB-A-to-USB-C adapter, or buy one from Yubico. An NFC-enabled key is recommended if you’re going to be using it with a phone.[br][br][strong]How to set it up:[/strong] Setting up a security key is basically the same as the other methods, except you’ll need a computer. You’ll need to turn on two-factor authentication, and then select the “security key” option, if it’s available. Most popular accounts, such as Twitter, Facebook, and Google all support security keys, so your most vulnerable accounts should be all set. However, while Chrome, Safari, and Microsoft’s Edge browser all support security keys, Apple’s Safari browser does not, so you’ll be prompted to switch during setup.[br][br]Once you reach the security settings page for the service you're enabling 2FA with, select security key, and follow the prompts. You’ll be asked to insert your key (so make sure you have an USB-C adapter on hand if you have a MacBook) and press the button on it. That will initiate the connection with your computer, pair your key, and in a few seconds your account will be ready to go.[br][br][strong]How it works:[/strong] When an account requests 2FA verification, you’ll need to plug your security key into your phone or PC’s USB-C port or (if supported) tap it to the back of your NFC-enabled phone. Then it’s only a matter of pressing the button on the key to establish the connection and you’re in.[br][br]
[br][br]Setting up your security key with your Google account is a multi-step process.[br][br][strong]How secure it is:[/strong] Extremely. Since all of the login authentication is stored on a physical key that is either on your person or stored somewhere safe, the odds of someone accessing your account are extremely low. To do so, they would need to steal your password and the key to access your account, which is very unlikely.[br][br][strong]How convenient it is:[/strong] Not very. When you log into one of your accounts on a new device, you’ll need to type your password and then authenticate it via the hardware key, either by inserting it into your PC’s USB port or pressing it against the back of an NFC-enabled phone. Neither method takes more than a few seconds, though, provided you have your security key within reach.[br][br][strong]Two-factor authentication: Biometrics[/strong][br][br]
[br][br]Nearly every smartphone made today has some form of secure biometrics built into it.[br][br][strong]What it is:[/strong] A password-free world where all apps and services are authenticated by a fingerprint or facial scan.[br][br][strong]How to set it up:[/strong] You can see biometrics at work when you opt to use the fingerprint scanner on your phone or Face ID on the iPhone XS, but at the moment, biometric security is little more than a replacement for your password after you login in and verify via another 2FA method.[br][br][strong]How it works:[/strong] Like the way you use your fingerprint or face to unlock your smartphone, biometric 2FA uses your body's unique characteristics as your password. So your Google account would know it was you based on your scan when you set up your account, and it would automatically allow access when it recognized you.[br][br][strong]How secure it is:[/strong] Since it’s extremely difficult to clone your fingerprint or face, biometric authentication is the closest thing to a digital vault.[br][br][strong]How convenient it is:[/strong] You can’t go anywhere without your fingerprint or your face, so it doesn’t get more convenient than that.[br][br][strong]Source[/strong][br][br][a href="https://www.pcworld.com/article/3387420/two-factor-authentication-faq-sms-authenticator-security-key-icloud.amp.html"]PCWorld[/a] |
|
发表于 2019-04-11 17:22:04
收藏
Like
Stick Card
Jack
楼主
