(2FA)
What Is It
Popular implementation of Multi-factor authentication
Something you know
Something you have
Something you are
Something you know
Password
PIN
Secret Question
Something you have
Cell Phone (Authenticator App)
Security Token
Smart Card
Something you are
Fingerprint
Retinal Scan
Why Use It
Hackers need more than just your password
Password essentially useless without 2FA code
Threats to Passwords
Phishing
Shoulder Surfing
Keylogging
2 Factor Authentication - Options
Google Authenticator App
SMS
Hardware Token - Yubikey
Google services example
LastPass Authenticator Example
Downsides
Need code when signing into account from untrusted computer
But, some services generate one-time use tokens
What sites offer It
All the "big sites":
Google services
Amazon
eBay
Microsoft services
Apple services
What services offer It
twofactorauth.org
Corporate Use Cases
+
P@sswo4d123 =
When logging on to workstation...
Corporate Use Cases
Widespread support with ERP software
Caution
If you have 2FA enabled and received a code without requesting, change password ASAP
In Conclusion
Enable 2FA on every service you can
Encourage employers to implement
Questions?