Scroll Top
Republic of Trinidad and Tobago

2FA

To enhance the safety of your online presence you should arm your online accounts (email, social media etc) with a security process known as Multi-Factor Authentication (MFA) or also referred to as Two-Factory Authentication (2FA). MFA/ 2FA creates extra security layers between the you and the account you are trying to access by requiring two or more separate steps to verify their identity. These ‘steps’ can be broken down into three main categories:

Something you know: password, PIN, security questions, username, etc.

Something you have: smartphone, One Time Password (OTP), token, etc.

Something you are: biometrics (fingerprint, facial/voice recognition), etc.

For example: In the event a hacker correctly guesses your password i.e. something you know, if you have 2FA configured on your account then this will require an additional step for the hacker to get into your account. With 2FA, the hacker cannot access your account because they don’t have access to your phone or security token to which the 2FA code is being sent.

You can set up 2FA using Authenticator Apps which are free to download or by purchasing a physical token (USB type device).

Authenticator Apps

Authentication apps generate one-time numerical passcodes that change approximately every minute. When you log in to your service or app, it will ask for your authenticator code; you just open up the app to find the randomly generated code required to get past security.

Popular options include Google Authenticator, and Microsoft Authenticator.

Security Keys / Tokens

Security keys, such as the ones sold by Yubico, are the safest method to use. They can connect to your system using USB-A, USB-C, Lightning, or NFC, and they’re small enough to be carried on a keychain. Many sites support security keys, including Microsoft, Twitter, Facebook, Google, Instagram, and others. Though the safest, one must bear in mind that you must have access to the key at all times. It is recommended to have a backup authentication method (e.g. authenticator app) in the event you don’t have access to your physical security key.

1