If you've ever taken a cybersecurity course, followed the news about spoofing attacks or fallen victim to an account hack, you know that protecting your account is a must. Using the same password for every account with no further protection is an absolute no-go. One way of securing access to your accounts is two-factor authentication.
As the name suggests, authentication means that you need to prove that an account is yours. Typically, that's done through usernames and passwords. You log in to a platform, application, or computer through a portal with your credentials - and you're in. Without extra security, there's only one factor needed to prove your identity (one-factor authentication). However, passwords get hacked every millisecond. The infamous haveibeenpwned.com, where you can check if your email account has been breached, also published an RSS feed of company databases that have been hacked into.
As you can tell, it's not uncommon for accounts to be hacked into. Attackers access your personal data and bank details or use your account with malicious intent. In the world of email spam, a big chunk of the fake emails people get comes from or started with a breached company account.
To prevent unauthorized people from gaining access to your account, you add an extra layer (or layers) of security. We typically speak of two-factor authentication when there is one additional layer, and of multi-factor authentication when there are more layers or an indefinite number of them.
Two-factor authentication requires users to take one extra step to gain access to their accounts. This can basically be any layer, as long as the environment changes. Typically, 2FA is a verification code sent through SMS or email. Both require a separate login and thus provide an extra layer of security. That is, if the password isn't the same, of course.
Another way of authenticating is through authenticator apps. Well-known mobile apps are Google Authenticator and Microsoft Authenticator. A best practice for two-factor verification codes is to use 6-digit codes that change every 30 seconds to a minute. This makes it extremely hard to 'just break into' an account.
Another form of two-factor authentication is sending one-time passwords (OTP). In this scenario, you only have to fill out your username or email address (or however you're known to the platform) and request a one-time password. Much like the verification code, it's a code that allows you to log in to the platform and is only valid for a short period. It removes the need for a password, as the security mechanism is just as secure as a verification code. It just saves you one more password to remember!
It's straightforward to add two-factor authentication to your Flowmailer account. Go to the Profile menu in the top right corner (see image). This opens a screen where you can reset your password (do that every so often, too!) and tick a checkbox for two-factor authentication.
Once you have opted for 2FA, an email with a verification code is sent to the email address that belongs to this account.
For our Pro and Enterprise customers, we also offer Single-Sign-On, making the signing-in process and authentication even easier. For more information, reach out to our Business Development team!
With the ever-present threat of account hacking, you must add an extra layer of security to your accounts. Two-factor authentication helps you do that in two of the simplest yet effective ways: