Today the NCSC has published new guidance that describes how to set up two-factor authentication (2FA) – also called ‘two-step verification’.
Now, you may be thinking we’ve already released this, but that guidance was only for organisations. We wanted to produce a separate piece of 2FA guidance for the personal accounts you use at home.
We all have online services that are important to us, and which are protected by passwords – perhaps email, social media accounts, online banking, or gaming accounts. I’m sure you can think of accounts where it would be really painful if you discovered that your passwords had been hacked by cyber-criminals.
Unfortunately, however good your passwords are, they can only provide so much protection. They could be stolen from your service provider or from your phone, tablet or laptop. Or you could get tricked into revealing them. This is why we want more people to use 2FA, both at work and at home.
Why do we want this? Because 2FA is the single best thing you can do to improve the security of your important accounts.
Accounts that have been set up to use 2FA will require an extra check, so even if a criminal knows your password, they won’t be able to access your accounts. This is reassuring if you suspect some of your passwords aren’t as strong as they could be, or you’ve re-used them across different accounts, or you worry that (like anyone) you may one day fall for a scam email that reveals your password to a criminal.
When setting up 2FA, the service will ask you to provide a ‘second factor’, which is something that you (and only you) can access. This could be a code that’s sent to you by text message, or that’s created by an app. Some types of 2FA provide more protection than others (because the second factor is more difficult to steal), but since any 2FA is better than none, you should use 2FA wherever you can. It only takes a few minutes to set up for each account, and it’s well worth it for the amount of additional protection it gives you.
We hope you are now inspired to set up 2FA wherever you can, and that the option to set up 2FA becomes more widespread across services. Please let us know what you think of this guidance using the comments below, using our Contact us page, or by sending us a message on Twitter or LinkedIn.
Source: National Cyber Security Centre