How good are your password security practices? Are you using weak passwords like password123? Good online security practices are crucial to prevent identity theft, fraud, and other cybercrime. If your password is weak, easy to guess, or has been compromised, it can be used by hackers or cybercriminals to gain access to your online accounts. Once they have access, they may be able to steal personal information, and financial data, or even take over the account entirely.
By practicing good online security, such as using strong, unique passwords for each account (see the Bitwarden section of this post), changing passwords regularly, and using two-factor authentication (2FA), you can greatly reduce the risk of your accounts being compromised. Additionally, it’s important to avoid using the same password across multiple accounts, as this can increase the risk of multiple accounts being compromised if one password is breached.
If I’m being completely honest, I’ve downloaded more than a few 2FA apps on my iPhone over the years and then proceeded to forget what accounts they were supposed to help me secure. Helpful, right?! Thankfully, I can’t recall ever being fully locked out of an account due to this forgetfulness. But let’s not depend on dumb luck. It’s time to learn what 2FA is and why and how to use it as part of your normal online routines.
What is 2FA?
Two-factor authentication (2FA) is a security process that requires you to provide two different forms of identification to access an online account. Typically, this involves providing a password and a second form of identification, such as a fingerprint scan, a security token, or a one-time code sent to a user’s phone or email (like when the bank texts you a 6-digit number). 2FA provides an extra layer of security to online accounts, making it more difficult for hackers to gain access to sensitive information.
It can also be a pain in the butt if you set up 2FA without knowing what you’re doing. Having some go-to tools can help you hone your online security defenses and keep your accounts safe (or safer) from hackers. Two tools I’ve come to rely on over the last couple of years are the FreeOTP app and a YubiKey.
FreeOTP
OTP stands for one-time password. FreeOTP is a mobile app that provides an extra layer of security when you log into online accounts. It generates a unique code that you need to enter along with your regular password to log in. This makes it more difficult for hackers to access your accounts, even if they have your password.
FreeOTP is easy to use – simply download the app to your smartphone, set it up with your online accounts, and it will generate a code that you can use to log in. Just don’t forget that you used FreeOTP to set up that second layer of authentication.
FreeOTP is sponsored and officially published by Red Hat.
Yubikey
YubiKey, the inspiration for this post, is a small hardware device that provides an extra layer of security when logging into online accounts. Similar to FreeOTP, it generates an OTP after you tap it or by using near-field communication (NFC). I use my YubiKey 5C Nano multiple times every day, and recently purchased a second one to keep on my keychain — the YubiKey 5C NFC.
YubiKey is easy to use – simply plug it in or hold it close to your phone when prompted to enter a code during login. There are different types of YubiKeys, with some requiring you to physically touch the device to generate a code.
YubiKey is a great tool for those who want to add an extra layer of security to their online accounts. YubiKey is compatible with Google, Facebook, Twitter, Dropbox, and a host of other services shown below.
Potential downsides
While 2FA is generally recommended for improving online security, it’s not a perfect solution. Potential downsides to using it include the general inconvenience of an additional login step and reliance on a mobile device or physical key to log in. What if I lose my YubiKey? What if my phone battery is dead? Unlikely, but not impossible. In my opinion, each person has to determine where they land on the scale between ease of access and uber-secure accounts.
By using FreeOTP and/or a YubiKey, you can have greater peace of mind knowing that your personal and sensitive information is better protected from potential cyber-attacks. Is it one more thing to manage? Sure! But it’s better than managing the aftermath of getting your bank account hacked.