What is two-step authentication?

A few weeks ago, we talked about password management software like LastPass to help organize and secure your logins and passwords. We closed our post with a crucial question: what happens if your password manager gets hacked, or a hacker gets hold of the Master password you use to access a service like LastPass? At the very least, you need to set up two-step authentication on your most important online accounts, like your password manager, your social media accounts, your email, and your banking.

The video above shows LastPass’ two-step verification app, which is available for FREE. Various other apps can accomplish the same thing, but for the sake of keeping things simple, we will focus on LastPass Authenticator.

So what exactly is Two-Step Authentication?

Most of your business online is done using a one-step authentication process, typically a password. If this step gets compromised, there is nothing to fall back on to ensure account security. The 2nd step is done through your mobile phone. Once a user enters a password for a website that is set up for Two-Step, a random 6-digit code will be sent to your cell phone through the LastPass Authenticator app. Simply enter the code into your browser or tap the green check mark in your app. Either method confirms the 2nd step and allows you access to your account.

So imagine someone has the password to your checking account. You took the few minutes of extra time and set up Two-Step with your banking website. Once the hacker enters your password, the request for the 6-digit code will come up. You will receive the request on your phone and, knowing that you are not online at the moment, you decline access. The hacker is unable to get any further without your unlocked phone in hand. The hacker could try to guess the 6-digit code, but they only get 60 seconds or less to figure it out before a new code is generated. This keeps your account secure while also alerting you that your current password is compromised and needs to be updated.

But what if I lose my phone? When you set up Two-Step authentication, you will be given access to a few reset passwords. These will only be generated at the time of startup and cannot be recovered later on. Print these off (yes, I said print) and store them in a safe place. These codes allow you to reset access to your Two-Step Authenticator and can be used if you lose your phone and need to reset access. Some authenticators will ask for a 2nd mobile phone that can be used as a backup to restore access.

In summary, Two-Step authentication should be a must-have feature for yourself and your business. Do not wait until your online security is compromised to set these things up. These services are designed to prevent hacking. We hope this helps you stay secure as you continue to grow your online presence.