What is 2FA & How does it work?
If you have seen 2FA, or Two-Factor-Authentication, mentioned in the cryptocurrency space and you are wondering what it means and whether you should use it, then you are in the right place.
2FA (or Multi-Factor-Authentication) is basically an added security layer for your account. This security feature is popular amongst both cryptocurrency exchanges and cryptocurrency wallets.
Investing in cryptocurrencies can be exciting and potentially very lucrative. The potential to see some incredible gains has attracted many people to this space.
And unfortunately, many of them lacked the proper knowledge on how to securely store their coins and tokens.
In fact, the overwhelming risk of hacks and theft in this space is often caused by poor knowledge and a lack of security features in place amongst these investors.
So our suggestion is that whenever possible you should add 2FA to all your accounts. This could potentially save you from being robbed or hacked.
Ok so let me explain a bit more about 2-factor authentication and how you can set it up now for all your crypto accounts.
What is 2FA and how does it work?
As I mentioned earlier, 2FA is a form of added security layer. You know how you usually have your email or a username and a password to log in to your accounts today?
This is common practice for any online account, in or outside the crypto world.
And unfortunately there are very common risks to using just a username and password.
- You have set an easy-to-break password, perhaps like ‘password’, ‘123456’, ‘qwerty’, etc. All of these can easily get hacked if someone knows your email address.
- Your email and password have been hacked at another site. Sites get hacked all the time, and unfortunately, that means users' passwords and usernames (emails, etc) get hacked too. So if you are using the same username and password at multiple sites then your funds are at risk.
So what Two-Factor-Authentication does is add another security layer, so that not only the username and password are needed but also this extra layer.
And this can come in various forms. Common examples are a One-Time-Password (OTP), for example used with the Google Authenticator (Appstore + Google Play), Microsoft Authenticator and Authy applications, or simple text messages to your phone or email.
2FA is not only common in the cryptocurrency world. Another traditional example of it is how ATMs work.
With those you typically have both your bank card and your pin code. So this is an example of a 2FA security layer that is tied to a specific account and uses two factors, the bank card and the pin code.
2FA can be confirmed and used in multiple ways, but it is commonly verified through these factors, confirmed by the user:
- Something they know = A code like a pin code, a secret password or phrase or answer to a security question
- Something they have = It could be a phone or an app, email address or bank card
- Something they are = These are biometrics and today we have fingerprints, facial recognition and voice recognition used (source)
Different types of 2FA solutions
As I mentioned in my examples above there are different types of 2FA used by many websites and applications today.
- 2-Factor Authentication apps (recommended)
- SMS-based Authentication
- Email-based Authentication
- Push-notification Authentication (not commonly used)
As you can see there are a few common options for online Two-Factor-Authentication. But unfortunately there are very common risks and downsides to some of those on that list.
Specifically, SMS and email come with risks.
Emails have often been hacked or exposed to hackers and criminals through repeated use of the same email and hacks of various websites.
So using an email as your 2FA is not recommended.
And phones suffer from similar security concerns.
They can be cloned, and SMS doesn’t run over an encrypted network or with any specific encryption added. There are SIM clones and SIM swap scams, and potentially even cell-phone maintenance personnel can read SMS texts.
So using SMS-based 2FA is not recommended.
So that leaves us with 2FA apps, as push notifications aren’t widely used or safer.
And here there are a few common apps that you could use:
These are the three main apps used by people in the crypto space (or outside) today.
You can also use open-source projects if this is of interest to you. Some examples of open-source 2FA apps are:
(As a way to follow the guidelines for super-privacy focused readers I will not link to these services but you can Google / Bing them and find the sites yourself).
These are all free to use and work in a similar way.
It works similarly with Microsoft Authenticator and Authy.
When you log in to your account (cryptocurrency exchange in this example), you use a username and password and then the exchange asks you to enter a six-digit code or OTP. And you have to enter it within a specific time limit.
Each code is random and it only works for a limited amount of time, such as 10 seconds. And after that the code is no longer valid and you have to use a new random code.
So with Google Authenticator, Microsoft Authenticator, Authy or the open-source services you get a six-digit code and then you will need to enter that code on the exchange (Coinbase, Binance, KuCoin, etc) within the time limit.
If entered correctly and within the limit you will be logged in.
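How the app and the exchange arrive at the same six-digit code, as an added example that is not part of the original article: both sides hold a shared secret from setup and compute the time-based OTP of RFC 6238, so the code is derived from the secret and the clock rather than sent to your phone. The secret is the RFC's published test key, the 30-second step is the RFC default (a service may use another), and `verify` with its `window` and `last_counter` parameters is a hypothetical server-side helper.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per code; RFC 6238 default, assumed here
DIGITS = 6   # six-digit codes, as in the article

# Constructed sample: the RFC 6238 test key ("12345678901234567890") in the
# base32 form authenticator apps store. Never use it for a real account.
SECRET = base64.b32decode("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")


def hotp(secret: bytes, counter: int) -> str:
    """RFC 4226: HMAC-SHA1 over the counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def totp(secret: bytes, now: float) -> str:
    """What the app displays: HOTP of the current time step."""
    return hotp(secret, int(now) // STEP)


def verify(secret, code, now, last_counter=-1, window=1):
    """Hypothetical server-side check.

    Accepts codes from +/- `window` steps to tolerate clock drift and
    returns the matched step, or None. Steps <= last_counter are refused
    so a code that was already used cannot be replayed.
    """
    current = int(now) // STEP
    matched = None
    for counter in range(current - window, current + window + 1):
        ok = hmac.compare_digest(hotp(secret, counter), str(code))
        if ok and counter > last_counter:
            matched = counter
    return matched


if __name__ == "__main__":
    print(totp(SECRET, 59))                              # code for step 1
    print(verify(SECRET, "287082", 59 + 30))             # one step of drift
    print(verify(SECRET, "287082", 59 + 90))             # outside the window
    print(verify(SECRET, "287082", 59, last_counter=1))  # replayed code
```

A server that stores the returned step as `last_counter` for the account rejects a second use of the same code, which limits what a phished code is worth.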
Two-Factor-Authentication codes and apps are often required by many cryptocurrency exchanges.
So in order to use the 2FA apps with exchanges, wallets or other accounts you will first need to create a new unique 2FA-account.
With these apps you will get a unique backup code that lets you reset your accounts in the case of a lost, stolen or broken phone.
So it is extremely important that you keep a safe copy of your 2FA-backup code. Otherwise you run the risk of not being able to enter your account again, although most crypto exchanges let you reset it with proper KYC checks done.
Why you should use 2FA – the benefits of Two-Factor-Authentication
So is it worth the extra hassle, you might wonder? And are you really at risk of getting hacked?
I think everyone who ever got hacked or stolen from thought the same before it happened. No one thinks it will happen to them, until it does.
And when it does it is too late.
So why wouldn’t you want to try and limit those risks by using 2FA with crypto? If you use one of the apps that I mentioned it literally means an additional 5-10 seconds when logging in.
And potentially it could help you keep your cryptos safe from hackers and thieves. So isn’t 5-10 seconds extra work the least you could do? I think so and I use 2FA along with other security methods to protect my cryptos.
The benefits of using 2FA (Multi-Factor-Authentication)
1 ) Added security
The obvious aspect is of course the added security layer and protection it enables. You will significantly diminish the risks of having your money stolen or getting hacked by adding 2FA.
So for me it is a no-brainer and it is something you need to do right now, on all your accounts.
2 ) Increased mobility and accessibility
With 2FA added, IT security firms and digital businesses can boast improved productivity by enabling their users and employees to access important information and communication channels remotely via 2FA.
Working from home or remotely is becoming increasingly popular and 2FA enables this.
3 ) Reduced data theft
It is not only your money that is at risk of getting stolen. Nowadays our personal data is of similar value. And therefore protecting your data is becoming just as important.
Hackers, thieves and criminals are not only looking to steal your money but also your data. The commercial side of personal data is gigantic and therefore using 2FA to protect your data is as important as protecting your cryptos.
2FA is one of the best ways to reduce common cyber crimes such as identity theft, hacking and phishing.
4 ) Reduced operational costs
With 2F Authentication, organisations and businesses can boast not only of improved productivity but also of reduced costs.
With increased access and mobility amongst the workforce and better IT methods in place, the current IT cost for businesses can be greatly reduced.
With improved access to the data, products, servers and other corporate environments, anyone can work from anywhere and at any time without burdening the IT professionals or calling help desks.
As many as 35-40% of all calls are password-related, and 2FA could greatly reduce those issues with sign-in methods.
Conclusion – you need to enable 2FA now!
So no matter who you are, a common cryptocurrency user and investor or a business owner, enabling 2FA in 2020 is a no-brainer and something you need to do right now!
It can greatly improve your security methods and help to protect your funds. So I urge anyone reading this article who is not using 2FA today with their cryptocurrency accounts and holdings to enable it directly.
It can be the difference between getting all your money stolen or protecting it.
Other security tips that I would like to share with you all are:
- Keep a safe backup copy of all your important codes, seeds, and passwords. Don’t be lazy and ignore this part. Just do it.
- Not your keys = not your coins. No matter how attractive it might seem to leave all your cryptocurrencies on an exchange, if you don’t own and have the sole access to your private keys then you will always have a greater risk of your cryptos being stolen.
- Use a safe and secure hardware wallet like the Ledger or Trezor wallets. It is one of the best investments a crypto holder can do to protect their money – buy one now!
Hello and welcome to Go Cryptowise.
My name is Per Englund and I’m a long-term fan and investor of Bitcoin and other cryptocurrencies. I’ve been around the space for a good few years, learning how it all works and to be a part of this engaging community.
Now it’s time for me to share my experience with others. I am also a business and product developer so I know first-hand what it takes to create a successful product, brand and customer experience.
And I am bringing this vision to my writing and how Go CryptoWise works.