Geeks2U Promise
We guarantee you'll love our fast, friendly service - or we'll refund your money.  
133,572 Happy Customers & Counting
Need tech support?
1300 769 448
Extended hours, 7 days a week
Home  /  geekspeak  /  Two factor authentication isn’t perfect — but it’s desirable

Two factor authentication isn’t perfect — but it’s desirable

These days we’re expected to have passwords for just about everything. Our social media accounts need a password. So do our email accounts, our online banking and much more.

I’ve written in the past how it’s a very bad idea to use the same password for multiple services. The easy solution there is to use a password management app. This lets you keep track of many passwords with ease.

A good password is a bit like a simple lock. It’ll keep most simple thieves out, but not everyone.

A good password won’t help if the service you have the password with has a large-scale security breach.

It’s like having the keys you use to keep your home or goods secure with copied many times. What’s worse, if the service you’re using doesn’t tell you there’s been a breach, you may not know that your password is no longer secure.

There’s even a secondary problem here. There’s an entire (and entirely illegal) business model in sending threatening emails that appear to contain your passwords and scaring folks into paying blackmail money via cryptocurrencies.

They’re essentially a bluff. Your password may have fallen out of a public leak of databases, but they’re rarely tied to any account. Threats of taking over your webcam and recording you aren’t particularly credible if you’ve got an otherwise well-secured PC with up-to-date security patches and anti-virus software running.

The general solution that many services propose is the use of multi-factor authentication.

This switches from using only a password to a password and some other form of authentication system.

This could be a one-time SMS messages, apps such as Google Authenticator or fob or USB key that generates a secure code when used.

The idea here is that even if your username and password are compromised – whether it’s your fault or not – there’s a second layer of protection in play. To go back to the lock analogy, you’re adding a second lock to your front door to ensure that only you can gain access.

Now, it’s important to note that multi-factor authentication isn’t 100% secure.

If somebody’s determined enough to target you – and if they’re ready to spend time and money doing it – the risks are higher.

That’s more of a concern for folks with more of a risk profile – so, for example, celebrities, those involved in politics or more lucrative businesses or journalists – than it is for the mass population.

You’re far more likely to hit with a mass attack, run by a software bot than a targeted attack.

Still, you might be wondering how secure that kind of extra authentication actually is.

Google recently ran a study into the level of security you get adding one additional factor of authentication is to an account.

In its study, using relatively simple 2-factor authentication (so password+one other locking mechanism), using an SMS code blocked 100% of bot-based attacks, 96% of bulk phishing attacks and 76% of targeted attacks.

SMS codes can be intercepted and tweaked, so Google’s recommendation there is to use an on-device prompt instead. This goes only to a pre-arranged phone device, so only you as the holder of that phone can access it. By switching to that, 100% of bots, 99% of bulk attacks and even 90% of targeted attacks were blocked in Google’s study.

Quite which type of authentication factor you can add to an online account will vary depending on what each provider supports.

It’s worth talking to your bank, email provider and others about adding at least one extra factor of authentication for those accounts that you really want to keep secure.

Yes, it’s a little more work to undertake, but it’s also smart work that can save you significant heartache and avoid potential financial loss down the track. A few seconds more to log in and really make sure that you are who you say you are is a pretty small price to pay in return.


Recent News

Google recently updated the smaller of its two smart displays, the Google Nest Hub, with a 2nd generation model that doesn’t change much visually if you’ve ever seen the original model. For those coming to the party late, Smart Displays are effectively smart speakers – think devices like the Google Nest Mini, Amazon’s Echo speakers

As our lives become increasingly more remote and location independent, the need for mobile devices is on the rise. Many Australians enjoy using multiple mobile devices – such as a smartphone, tablet and computer – to live their lives. Whether it’s responding to work emails, transferring money to a friend or tracking your steps on

Ever since Microsoft released Windows 10 – which was, astonishingly, all the way back in mid-2015 – the company has resisted the urge to shift to Windows 11, or indeed any other full “update” to Windows over that time. That’s a long time in the Windows world; after all, the predecessor version of Windows 10,

Samsung recently sent me one of its lower-cost SSD drives, the Samsung SSD 980 NVMe M.2 to test out. Drives like this one are designed for PC builders and upgraders looking to eke out as much performance from their PCs as possible, but I was curious to see what kind of impact it might have

Coronavirus (COVID-19) Update

Learn about the precautions we are taking and our new contactless pick-up and remote service options. Read More
Get help setting up your home office or homework area today. Learn More