Two Factor Authentication (also known as 2FA, Multi-factor authentication) is a security tool that acts as a layer of added protection to your password. It is, in essence, a code like an ATM PIN, typically consisting of 4 to 6 digits, only usable once per login.
Many popular websites such as Facebook, Gmail, Dropbox offer mobile phone-based authentication either by QR-code, push-based authentication or SMS.
With an ever-increasing mass password theft and improvement in brute-force hacking technology at an all-time high, 2FA is a handy tool for users to help protect their accounts from hackers.
Why should you Back up your Authentication codes?
While very convenient, this causes a problem too. What if you lost your phone or it gets in the hands of someone who might misuse your data? Loss and theft are risks that can have repercussions beyond imagination.
Enter, backup codes.
When setting up 2FA, sites often provide you with a choice of authenticator backup codes or a programmed backup 2AF USB drive. In case you lose your phone, You can use these codes or USB key drive to regain access to your accounts.
How do they work?
The authenticator follows one-time password only” which is time-based and has the following components:
- A shared secret code (a sequence of bytes)
- An input derived from the current time
- A signing function
Shared Secret code: The shared secret code is shared with you when you first set up your 2FA via text codes on E-mail, text, manually copied or QR code, which you can scan and save locally The server also stores a set of its keys to compare with yours when you try the authentication process.
Input (Current Time): The input time value is transferred from your phone, tablet or PC to the servers to check the validity when the key is used. It is essential to keep your clock accurate. No further data is needed from the servers form this point onwards.
Signing Function: Now comes the fun part. The signing function utilises cryptographic ‘hash-based message authentication code’ (HMAC) to sign in. HMAC is an algorithm that can verify authenticity by generating output code using two passes of hash computation with the given backup codes and the time. These are generated and compared with the server’s code(also known as a “secret handshake”).
You type in these pre-provided codes or plug in the USB key when prompted and you’re in. We strongly advise you to back up these codes securely for a rainy day.
Ways to back up your codes
Backing up your codes can grant you secondary access to the 2FA in dire situations you can:
- Back-up the codes onto your PC.
- Back-up the codes onto a cloud storage service.
- Physically printing or writing them down on paper.
- By using specialised apps to back up your code.
- Opting for the USB key method as its much easier to maintain.
Be careful never to leave unattended or lose these codes/USB key as they are your last resort if you lose your phone.
You can also use specialised apps to authenticate and backup even your codes, here are a few good ones.
LastPass is primarily a password manager, but it also has an inbuilt authenticator and even a standalone authenticator app for your backup and authentication needs it also supports cloud storage and sync.
LastPass is available on PC, MAC, Android, and IOS.
Authy is a specialised authenticator and backup application that would make the process much easier and safer it supports cloud storage and sync.
Authy is available on PC, MAC, Android, and IOS.
If you haven’t activated 2FA, we strongly advise you to do it if you value your online data and identity.
Keep in mind that 2FA is an added layer of security to a traditional password that can help you secure your account from hackers. However, it’s not a foolproof method of security as technology evolves this too will be defeated sooner or later. But now you know how to add an extra layer of protection and how and why you should back them up.