Two Factor Authentication

Visit our Multifactor Authentication page to find out more about the MFA project going on for March and April 2022.

Visit the Google 2 Step Authentication Page to set up two factor authentication with your Google account.

Strengthen Your Security With Two Factor Authentication

“Two-factor authentication” has been mentioned frequently in recent news about website breaches and phishing scams.  The phrase sounds very technical, but the concept is very important in today’s internet-driven world.  So what is two-factor authentication, exactly, and why is it important?

What is two-factor authentication?

Two-factor authentication is a general term to describe the use of two “factors” when logging in to a website or application, such as a bank’s web portal or LakerApps email. The three types of factors are:

  • Something you know (PIN, password, or swipe pattern)

  • Something you have (a cell/smart phone, an ATM card, a token, or other preauthorized device)

  • Something you are (a retina scan, a fingerprint, a facial pattern, or other biometric)

Other terms that refer to the same concept are ‘multi-factor authentication,’ ‘2FA,’ or ‘2-step verification.’ Most two-factor authentication, including Gmail’s method, is done with something you know and something you have.

Why is two-factor authentication important?

Passwords are not as strong a security mechanism as they should be, for numerous reasons.  Humans tend to make things easier for themselves and either pick passwords that are simple to remember, or memorize one really good password and reuse it.  Both habits make a hacker’s job much easier, too.  The number of passwords we need to remember never seems to go down, either; it is always increasing.  Passwords are also the most widely used security mechanism, making them a popular target for hackers.

With two-factor authentication, hackers need to pass an additional security layer to access your account, even if they steal or guess your username and password.  Using more than one factor to log in provides additional assurance that you are who you claim to be, and thus makes it more difficult for hackers to get your confidential information.

Most people understand that their data is valuable and requires protection, but it’s important to remember that email accounts deserve protection too, not necessarily because of the data they contain, but because of what can be done with them.  Hackers recognize the value of email addresses: as recently as June 2017, an email address was worth about $2.50 on the black market.  Addresses ending in .edu are more valuable due to their perceived credibility and association with retailer discounts.  Hackers often send phishing emails and spam from compromised email accounts, and may try breaking into other systems by attempting password resets with the compromised email address.  What’s more, email accounts nowadays are not usually just email accounts.  Often, as is the case with Gmail and Office 365, email is bundled with free online cloud storage, communication apps (streaming video, chat), contacts and calendars, so a hacker who compromises “just an email account” gains access to everything in these as well.  So, if you don’t want to contribute to the perpetuation of online fraud, or the mountains of spam and phishing emails, you should secure your email accounts with two-factor authentication.

What should you do about using two-factor authentication?

Two-factor authentication is available for your LakerApps account, although Google refers to it as 2-Step Verification.  Everyone in the SUNY Oswego community has a LakerApps account, so everyone should enable 2-Step Verification, even if they don’t use their account frequently.   

Two-factor authentication is also highly recommended for the following types of websites and online services:  

  • Email (Gmail, Office 365, Yahoo, Hotmail)

  • Banking and financial (PayPal, your bank’s web portal)

  • Social media (Facebook, Instagram, Pinterest, LinkedIn)

  • Cloud storage (Dropbox)

  • Shopping (Amazon, eBay)

  • Password managers (LastPass, KeePass)

  • Productivity and communication apps (Evernote, Skype, Trello, WhatsApp)

The Turn It On website has more information about which sites offer two-factor authentication, and how to enable it.  The Two Factor Auth List website offers similar information, and also the ability to advocate for better security by sending feature requests to sites that don’t offer two-factor authentication.