It is time to clarify another common technology term here on Spam Resource. Today we're decoding 2FA, short for two factor authentication. You'll also see people use the broader phrase multi factor authentication, or the alternative phrase two step authentication.
And while 2FA security is not unique to email accounts, it is often used in the email space, so if you're not familiar and would like to learn what it means, read on.
2FA adds a second security step to a login – a second factor, hence the "two factor" term. Your password is the first factor. A code texted to your phone, a prompt from an authenticator app, or a hardware key gives you the second. With that "second factor" requirement in place, a stolen password alone is not enough to get into your account.
A lot of email platforms and marketing tools now offer support for 2FA, sometimes mandatory, sometimes not. Even if it's optional, many smart folks consider it part of the "table stakes" – meaning a must have – for account safety. When somebody gains access to your sending platform or email account, they gain access to your templates, subscriber data, sending reputation, and maybe even your domain authentication setup. A takeover like that can lead to real trouble very quickly.
Think of how much of your life is stored in the cloud. If you keep important documents in Google Docs, have private information in your Gmail account that you don't want other people to see, and if you don't want people to be able to successfully send mail pretending to be you, 2FA adds an extra layer of protection – an extra barrier to help keep hackers out – so that a stolen password alone is not enough to give somebody full access to one or more of your accounts.
2FA gets tricky if you're using a shared login, meaning more than one person accesses some account using the same username and password. There are tricks (clever hacks) to be able to support multi-user 2FA accounts, but really, this isn't a good way to handle things. Each user should have their own login, with their own credentials, to whatever services they need to access. The less you share passwords (or auth codes or anything else), the less you have to worry about credentials escaping into the wild.
There are different ways to implement 2FA. TOTP (Time-based One-Time Password) is one of my favorite ways to handle this. Those "Authenticator" apps from Google, Microsoft, Authy and others use TOTP, where you get a rolling code to enter when logging in. "Rolling" means the code changes every 30 or 60 seconds, so old codes very quickly lose their ability to help you log in.
Other methods include push prompts, email codes, hardware security keys, or even SMS (text message) codes. (Some people believe that SMS-based authentication is insecure, because of things like "SIM swapping." A long description of why gets out of scope fast, so I'll spare you, but I am one of those people who prefers to use 2FA methods other than SMS wherever possible.)
Most email accounts (including Google, Microsoft and Apple) support 2FA nowadays. If your desired webmail platform supports it, I strongly recommend it. Same goes for other logins, too. 2FA is a really good way to add an extra layer of security to your email marketing platform accounts, domain registrar accounts, and of course, banking and financial accounts.
I hope you found this insightful! For more definitions like this, check the DELIVTERMS section here on Spam Resource.