Setting up 2-Step Verification (2SV)

Overview

This guide details the steps for enabling 2-step verification (2SV) on your vital online accounts. Implementing this feature significantly reduces the likelihood of unauthorized access, even if your password has been compromised.

For IT professionals seeking guidance on broader implementation of 2SV in larger organizations, please consult the NCSC’s dedicated resource on multi-factor authentication for online services.


Defining 2-Step Verification (2SV)

2-step verification (commonly referred to as 2SV) adds an additional layer of security to your online accounts by confirming your identity through a second method. It is available on major online services, and is also known as two-factor authentication (2FA) or multi-factor authentication (MFA).

During the 2SV setup, you will be prompted to provide a ‘second step’, which is something that only you can access. This often involves a code sent via text or generated by an authentication application.


The Importance of Using 2SV

Cybercriminals can steal passwords, which can give them access to your accounts. However, accounts configured with 2SV require an additional verification step that confirms your identity, blocking unauthorized users even if they have your password.

The NCSC advises that you enable 2SV on critical accounts, often categorized as ‘high value’. These are the accounts associated with significant personal or financial information. It’s particularly important to protect your email account, as access to your inbox can enable criminals to reset passwords for other accounts.


Setting Up 2SV

Some online platforms have 2SV enabled by default, but for many others, you will need to manually activate this feature for added security on platforms like email, social media, and cloud storage. Generally, the option to enable 2SV can be found in your account’s security settings, often labeled as ‘two-factor authentication’.

The Cyber Aware pages provide current instructions on how to set up 2SV across popular platforms such as Gmail, Facebook, X (formerly Twitter), LinkedIn, and Outlook.


Types of 2SV

When 2SV is activated, you will need to supply a second form of identification to access your account. Multiple types of verification methods are commonly available.

Various platforms offer different forms of second-step verification. Some services offer apps that request confirmation after you’ve logged in, while others support ‘security keys’, which are compact devices that can be purchased. You may also have the option to use an alternative email account as a second step, as long as it differs from the one linked to your password retrieval. If your provider supports these options, consider utilizing them.

It is advisable to establish a backup verification method in case you can’t access your primary method (for instance, if your phone battery is depleted). Most platforms allow multiple verification options for this reason. Backup codes are convenient in such cases, as they can be used even if your mobile device is not available.

Be cautious if a service employs security questions or memorable information (e.g., ‘What was your childhood pet’s name?’) as substitutes for 2SV, as these alternatives do not provide equivalent security. Always enable 2SV wherever feasible.


Frequency of 2SV Usage

You will not normally need to use 2SV every time you log in. Once 2SV is established, it is generally only required during sensitive actions where unauthorized access could result in significant consequences. These may include initiating new transactions in your bank account, accessing an account from an unfamiliar device, or modifying your password. This approach mitigates risk without requiring a second verification for every login. If you’re prompted to provide a second step each time you log in from your personal device, consider selecting an option such as ‘remember my device’ or ‘remember this browser’.


Alternatives if 2SV is Unavailable

The NCSC advocates for 2SV availability across all services handling personal data or managing financial transactions. While many reputable services offer it, some others have yet to adopt this feature. If 2SV is not an option for an essential account, such as your email, ensuring a strong and unique password is crucial. You might also consider switching to a service that does provide 2SV.

Article has been taken from ncsc.gov.uk: https://www.ncsc.gov.uk/guidance/setting-2-step-verification-2sv
