The Myth about Two-Factor Authentication


aka The lie that’s stopped you from more secure online accounts.

For some years we’ve been banging on about Two-Factor Authentication.  ‘2-fac’ is one of the main protections against online hacking and identity theft.

Savvy online users have 2Fac for their main online accounts:  Microsoft/Office 365 account, Google, Facebook, banking and especially any email hosting.  It amazes us when we meet people worried about online security and identity theft who don’t know about or won’t consider the one free thing that can substantially boost their online protection.

How important is Two-Factor Authentication?

Both our Windows 10 for Microsoft Office users and Office 2016: the real startup guide have entire chapters devoted to properly setting up Two Factor Authentication.

Yet too many people don’t use Two Factor Authentication … why?

Some recent emails and conversations tell us there’s a major myth about Two-Factor Authentication.

NO SMS/text messaging is required

Despite what you might think or have been told, Two-Factor Authentication does NOT require a mobile phone connection to receive SMS/text messages.

That’s right … no mobile phone required.  You can log in and get a 2Fac code when there’s no mobile phone signal at all.

The myth about 2Fac and text messaging has stopped people who travel and have different phone numbers as they roam the world.  Or they live/work in places with poor phone reception.  None of those things should stop you setting up Two-Factor Authentication.

Our head honcho, Peter Deegan, travels the world.

“I always use 2Fac. Switching phone numbers/SIM cards regularly and being in remote places without phone signal makes NO difference to getting authentication codes.”

The wrong notion about SMS and Two-Factor Authentication probably started with early versions of 2Fac which did send the authentication code via SMS/text message.  But that method was clearly not enough and was replaced with a better option.

2Fac Authentication apps

The modern way to get your 2Fac codes is via an authentication app.  This app on your smartphone or tablet generates codes automatically without any online connection.

You need to set up the authentication app for each account, but that’s a simple process.

Whenever you’re asked for a 2Fac authentication code, just open the authentication app and type the displayed 6- or 8-digit code into the web page.

Tech detail: The one-time 2Fac codes change every minute and are generated from a unique combination of the current time, the site you want to log in to, your account at that site and the unique ID of the device you’re using.

Online Notifications

If your device is connected to the Internet, you might not even need to enter a code.

Some accounts like Microsoft have notifications.  The authentication app will ask you to approve the login, either with a Yes/No prompt or by choosing, from a few two-digit options, the one that matches the number on the login page.

Which authenticator app?

As you can see above, one authenticator app should handle many different accounts from various companies.

That’s because the Two-Factor Authentication system is open-source and widely used across the industry.  Some companies might use a proprietary system but most stick with the known, tested and trusted 2Fac encryption technology.

We use the Microsoft Authenticator which works well and widely.  Not just with Microsoft accounts but also with accounts from traditional rivals like Google and Facebook.  The MS authenticator app is available for Android and Apple but not Windows Phone.

Well, maybe for the setup

SMS/text messaging might be necessary during the setup of Two-Factor Authentication.  It depends on the account and the information already saved there.

We’ve always recommended setting up Two-Factor Authentication somewhere with mobile phone and Internet access plus as many of your devices as possible.  Having everything within easy reach makes the initial setup easier.

Setting up Two-Factor Authentication is a bit of a pain … but it’s absolutely worth the time and trouble.