🔒 Use Multi-Factor Authentication

| TYPE | AUDIENCE | PRIORITY | COMPLEXITY | EFFORT | COST | UPDATED |
|---|---|---|---|---|---|---|
| Conduct | 🧑 | ⭐⭐⭐⭐ | ⭐⭐ | 🧑🧑 | 🆓 | 2021-06-11 |

Rationale

What's better than just having a password to access your accounts? Having a second "lock" that only you, as the account owner, have access to! The idea of adding multiple 'challenges' before welcoming a user in is called Multi-Factor Authentication (MFA) and, next to having a Strong Password, it is the best thing you can do to secure your account.

Following the advice to 🔒 Setup an Authenticator for Multi Factor Authentication for our online services, we strongly recommend that you also add a second factor to your most sensitive accounts.

Instructions

What you should prepare

You should have completed 🔒 Setup an Authenticator for Multi Factor Authentication.

What you should do

1. Make a list of all your sensitive services

Make a list of all the sites / apps / services you use to which you would want to add extra protection, i.e. everything that would let an adversary compromise you or harm your interests if they gained access to it. Typical entries on the list would be Email, Social Media, Work accounts, and anything that involves money.

2. Look up your service in the 2FA Directory

Visit the 2FA Directory and see which of the entries on your list support 2FA. Most major technology companies will support it.

For example, when we type "Face" in the search bar, it shows that Facebook supports "SMS", "Hardware token" and "Software tokens".

The Authenticator apps we've set up provide a Software Token, so that is the ✅ you are interested in.

Advanced: If your organisation has completed 💻-🖥️-📱 Issue Yubikeys to Staff, the Hardware token shows which keys are compatible.

3. Add 2FA to all your sensitive apps and sites

For all the services which support it (e.g. Twitter, Gmail, Office 365), click on the "Docs" book icon and follow the instructions on how to secure the service with a second factor.

To guide you through this process at least once, we have a guide to 🔒 Setup 2FA for Facebook.

4. Use your Authenticator code to log in

The next time you attempt to log in to a service you have secured with 2FA, you will be prompted for your second factor, i.e. the Time-based One-Time Password (TOTP) generated by your Authenticator app. In that case:

  1. Open the Authenticator app on your phone
  2. Select the account you want to log in to
  3. Copy/Paste or type over the code within the allotted time
  4. You have successfully logged in!
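
Why the code in step 4 only works "within the allotted time", shown as an added example that is not part of the original guide: a sketch of the standard TOTP calculation (RFC 6238) that an Authenticator app and the service both perform. The function names, the sample secret (the published RFC test key) and the one-step tolerance in `verify` are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # RFC 6238 default time step: the "allotted time" for one code
DIGITS = 6         # code length most Authenticator apps display

# Constructed sample: the published RFC 6238 test key, Base32-encoded.
# Never reuse it for a real account.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32: str, unix_time: int) -> str:
    """Return the RFC 6238 code (HMAC-SHA1) for the 30-second step containing unix_time."""
    key = base64.b32decode(secret_b32.replace(" ", "").upper())
    counter = unix_time // STEP_SECONDS
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226, section 5.3)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def seconds_remaining(unix_time: int) -> int:
    """Seconds left before the app rolls over to the next code."""
    return STEP_SECONDS - unix_time % STEP_SECONDS


def verify(secret_b32: str, code: str, unix_time: int, drift_steps: int = 1) -> bool:
    """Service-side check. Accepting +/- drift_steps steps is an assumed tolerance
    for clock skew and typing delay; each service chooses its own."""
    for delta in range(-drift_steps, drift_steps + 1):
        expected = totp(secret_b32, unix_time + delta * STEP_SECONDS)
        if hmac.compare_digest(expected, code):
            return True
    return False


if __name__ == "__main__":
    import time
    now = int(time.time())
    print(totp(SAMPLE_SECRET, now), f"valid for another {seconds_remaining(now)}s")
```

Because the code depends on the current time, a phone whose clock is wrong by more than the service's tolerance produces codes that are rejected even though the secret is correct.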