What's Two-Factor Authentication (2FA), and how to start using it today
2-Factor Authentication (2FA) has become a standard for improving account protection and access to services. The National Cybersecurity Center (NCSC) recommends 2FA for high-value accounts for hacker groups, such as system administrators, people working in government, the financial sector, and critical services.
What is 2FA, and how does it work?
In a nutshell, as the name suggests, two-step authentication is an additional step to the password for a user to authenticate, eliminating the risks associated with a compromised password.
If a hacker attacks, captures or guesses a weak password, it is no longer sufficient to enter the system because he will need approval on the second factor, which is usually changeable or depends on manual confirmation.
There are many different authentication methods, but in general, they all work similarly:
First, the user enters their name and password.
Then, the password is validated on a server, and the user becomes eligible for the second factor if it is correct.
An authenticator service generates and sends a unique code to the user, usually to his email or a separate application.
The user confirms his identity with this code.
Upon successfully entering both identification factors, the user can access the system.
As mentioned above, part of the secret to making a second authentication factor secure is that it generates a unique code and sends it to the user through a channel completely independent of the original system, making it difficult for a potential attacker to intercept that confirmation.
To ensure the generated code is valid, it must be synchronized with a code on the site that sends the request, usually through a QR code, which will create encryption that will only affect a specific service for a limited time.
Among the most popular programs to generate authentication codes are:
Google Authenticator ( Recommended )
It is a completely free program, functional, and has a large user base. In addition, it supports multiple accounts to authenticate and is easy to use.
1password is a popular password manager with built-in authentication and code generation for 2FA. Even in its desktop version, it can read QR codes from the screen. If you already use 1Password, you only need to activate this functionality.
Finally, if you prefer Microsoft's alternative, you can use Microsoft Authenticator with good encryption and security support, available for Android and iOS.
Enabling 2FA in Modyo
Modyo has native support for two-step authentication; activating it only takes a few minutes.
Any administrator of a modyo system can force every user to use the two-step authentication found in the Settings > Security section.
Once this option is enabled and saved, all system users can access it only through a two-step authentication process.
Once an administrator enables two-step authentication, you have to
1 - Download one of the authenticators mentioned above. If you don't know which one to use, google authenticator is the best option.
2 - Login with your username and password
3 - Scan the QR code the system shows you to synchronize your authenticator with modyo.
4 - If this is the first time you are performing the process, you must re-enter your username and password to verify your identity.
5 - When the system asks for it, you must insert the code generated by google for the site you are working on. Be careful, if you take too long, the code will be generated again, and you must insert the most recent code.
Now your site is protected from third-party attacks and password loss.