In a world where we have gotten used to entering the same password for every service we sign up to, and where we allow systems to memorize our keys, two-factor authentication becomes a vital tool to protect access to our data.
Nice introduction, but… what is two-factor authentication?
In a nutshell, two-factor authentication (2FA) is a method that adds an extra layer of security to verifying your identity when you log in: by asking you to use two different authentication methods successively, it protects you from strangers who know your password and from brute force attacks.
We’re generally used to logging in by entering a username and a password; this process is called single-factor authentication. With 2FA, two types of credentials are required in order to access our account. These are the different types of verification used as 2nd step:
We have defined what two-factor authentication is, but why is it so important?
We surf on the internet every day and are progressively more and more dependent on it. We become so immersed in the flow of things that we act automatically. This means becoming impatient at the drop of a hat, and it also amounts to using the same password for every service we sign up to with the aim of emptying our minds while we pursue mental-recharging between repetitive clicks on our social media channels.
But when we use the very same password for our Snapchat and cloud account, the chasm is crossed. It’s time to come back down to earth: the same key, reused on a service that can be easily compromised, is a very weak point that can lead to our data being stolen by strangers (or even an entire company’s data, if just one employee is a victim).
Then, two distinct scenarios can occur:
This is the point in history where 2FA comes into play to protect your identity and private information.
Two-factor authentication can’t save your life, but what about your file?
Of course it can’t save your life, but it is another important brick added to your security wall. Here are some precautions to make the most out of 2FA protection.
Have you ever used SMS for your 2-factor authentication? Do not repeat this mistake again.
The original idea was that, if you add an additional authentication code which arrives on your smartphone, you’ll be safe since hackers have to physically steal it. The reality is quite different: it’s simple for an e-thief to move your phone number to another device, and then it is really easy to access your account. All the thief needs to know is your mobile number and the last 4 digits of your Social Security code.
Think now if just one employee is fooled by this: all the company’s data becomes public in a matter of seconds due to human error (this is the cause of 90% of data breaches, so it’s better to prevent it!).
As with anything in life, your data can be protected by multiple layers of security and 2-factor authentication. However, this doesn’t mean that your information is invulnerable.
In fact, if your device is stolen you need to take immediate action through other means in order to protect your data from theft.
It’s 2021 and this is no longer Sci-fi stuff. We give so many permissions to access services that even our own identity marks have become a weak point.
Attackers won’t cut your finger (maybe…), but they will certainly be able to copy your fingerprint and pass the second authentication step as you. Beware what type of 2-step verification you use.
Two-factor authentication doesn’t just mean having a second password; that would imply the same weaknesses. What differentiates 2FA is the concept of “factor”: an additional way in which you prove your identity to the system. It can also be a password, but, as already mentioned a few lines above, it’s better to use a completely different way.
Below we will consider some real-life examples of how two-factor authentication works.
Credit cards use 2-factor-authentication: in order to complete a transaction you need to own the card (1st factor - something you have) and know your Personal Identification Number (2nd factor - also known as the “PIN code”, something you know).
This is why PINs are so simple (consisting of only 4 numeric digits):
For online payments, cards always use only one factor (i.e. data printed on the card itself). This is a risk because anyone who gets their hands on them could potentially place an order at your expense, which is why there are systems like mobile confirmation or 3D secure PIN: these are 2FA systems to protect you (and your money!) from unwanted scenarios.
Prior to 2017, Google employees relied on a single-use key sent by Google Authenticator as a 2nd authentication factor. In contrast, this new Security Key process allowed the user to log in easily and securely by inserting the USB key and clicking a button.
As a result, none of its 85,000 employees have been victims of phishing since it adopted the keys.
N26 is a Berlin-based neobank which provides customers with a free basic account and a debit card. In this scenario it’s not that uncommon for an irregular bank transaction to happen, especially with fully online services. That’s why N26 allows location tracking: this way it can immediately detect strange transactions and block them.
However, this system can be fooled by tools like VPNs: that’s why N26 adopts location-based authentication as a complementary part of broader adaptive authentication systems, which smartly weigh different elements of the context of the authentication process and authenticate the user in a smooth way.
We have just seen some examples of how two-factor authentication works. In the next section we will see how it can be implemented to make a system more secure and avoid cyber loopholes.
Cubbit is the first distributed cloud storage: thanks to its zero-knowledge p2p architecture it’s an ultra-secure service where no one, not even the service provider can access your stored data.
Although we offer the most secure service on the market, it’s important not to forget the simple act of logging-in with just a password and a username, the only way to access your private data. That’s why we are announcing the new “two-factor authentication” feature.
Two-factor authentication protects access to your account (and your private data), from outsiders who know your key and hacker attacks (i.e. brute force, guessing…) by adding a 2nd step to your identity verification.
But how does two-factor authentication work with Cubbit? Below are the steps to set it up - once done you can access the cloud securely, within two clicks:
N.B. Before proceeding with the steps, I ask you to choose an application that delivers you a unique authentication key every time you sign into Cubbit.
You can choose among different applications: Authy, 1Password, LastPass Authenticator…
1. Log in to the Cubbit Hatch web-app by entering your username and password.
2. Click on your name in the top-right of the page.
3. Select “Profile”.
4. Click on “Privacy”.
5. Choose “Enable” in the two-factor authentication section.
6. Enter your current password and click “Next”.
7. A new window with relevant information will pop up; read it carefully and select “Setup using an App”.
8. You will see the recovery keys on your screen. These can be used as an emergency in case you need to access Cubbit while your authentication key generator (e.g. Authy) is not available.
P.S. Save them in a safe place! Each of these recovery passwords can only be used once.
9. You will need to scan the QR code with the app of your choice (e.g. Authy, 1Password...), creating a unique six-digit sequence. If you don’t have the scanner available, you can click “enter this number” and set it manually on the authentication key generator.
10. Once scanned you will receive a code on the application, similar to the one below.
11. Type this into the six-digit code section and choose “Enable”.
12. Your setting up of two-factor authentication is completed! Enjoy your extra layer of security ;).
How to log in with two-factor authentication: this is super-simple - every time you log in on your desktop or web-app, you will be asked for a 2FA code automatically generated by your app. Enter it, or use one of the 10 disposable recovery keys if the authentication code generator is not available.
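What happens behind the setup and login steps above, as an added example (not Cubbit's code): it assumes the authenticator apps named on this page produce standard TOTP codes (RFC 6238, SHA-1, 30-second step), and `SecondFactor`, `provisioning_uri` and the in-memory recovery list are hypothetical names.

```python
import base64, hashlib, hmac, secrets, struct, time
from urllib.parse import quote

def new_secret() -> str:
    """160-bit random secret, Base32-encoded as authenticator apps expect."""
    return base64.b32encode(secrets.token_bytes(20)).decode()

def provisioning_uri(secret, account, issuer) -> str:
    """otpauth:// URI carried by the enrolment QR code (step 9)."""
    return (f"otpauth://totp/{quote(issuer)}:{quote(account)}"
            f"?secret={secret}&issuer={quote(issuer)}&digits=6&period=30")

def totp(secret, at, step=30, digits=6) -> str:
    """RFC 6238 code: HMAC-SHA1 over the 30-second time counter."""
    key = base64.b32decode(secret)
    mac = hmac.new(key, struct.pack(">Q", int(at) // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def _same(a: str, b: str) -> bool:
    """Constant-time comparison, so timing does not leak matching digits."""
    return hmac.compare_digest(a.encode(), b.encode())

class SecondFactor:
    """Server-side 2FA state for one account (hypothetical, in-memory)."""
    def __init__(self, secret, n_recovery=10):
        self.secret = secret
        self.last_counter = -1                   # blocks replay of a used code
        self.recovery = [secrets.token_hex(5) for _ in range(n_recovery)]
        # A real service would show these once and store only their hashes.

    def verify(self, code, now=None) -> bool:
        now = time.time() if now is None else now
        for drift in (-1, 0, 1):                 # tolerate one step of clock skew
            counter = int(now) // 30 + drift
            if counter > self.last_counter and _same(
                    totp(self.secret, counter * 30), code):
                self.last_counter = counter
                return True
        for rc in self.recovery:                 # fall back to recovery keys
            if _same(rc, code):
                self.recovery.remove(rc)         # each key works only once
                return True
        return False
```
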
How to disable two-factor authentication: if you want to disable 2FA, simply go back to the “Privacy” section on your web-application and click on disable. You will be asked for your password and that’s it!
We hope you enjoyed the demonstration of how two-factor authentication works and that you understood why this feature is important for protecting your data. If you have any further questions you can refer to the Help Section on the Cubbit website.
To learn more about the security of your data take a look at Cubbit’s zero knowledge cloud storage page.