internet security

Why everyone needs two-factor authentication

Yes, I know. It’s not the most obvious knitting topic and also, not the most glamorous of subjects but it is so, so important.

If you are wondering what on earth two-factor authentication (2FA) is and why you should care please just read on. Give me two minutes of your time and hopefully I can persuade you why it’s important - not only for your own internet security but for your friends and the knitting community at large.

Put simply, 2FA is a way of making sure that when you log into your social media account (whether its Twitter, Instagram or Facebook) that you are who you say you are. If you are anything like me you probably stay logged in to your commonly used apps. Only having to sign back in when you log out for whatever reason or you access the app from a different device.

Having 2FA switched on means that when you do this there’s an extra level of security attached so that the app can be sure it’s you accessing Instagram from a new laptop - and not a hacker trying to gain access.

You can choose to have this via a text message sent to your phone (although Twitter, controversially only allows this for blue tick accounts now), or you can use one of the many free apps available - Google authenticator is a good one and Authy also is widely used.

Once these are switched on (look under the security settings of the relevant app) you’ll be prompted to enter a code if you log in from a new device, or if you’ve previously logged out for whatever reason. There’s a great summary here.

A salutary tale:

If you are reading this thinking that you are always careful, you have a strong password and you rarely log out of apps, please read on. I consider myself to be pretty internet savvy but on the day in question it was my Dad’s funeral (or possibly the day before, I can’t honestly remember) and I was on Instagram when a message popped up from a friend (or so I thought).

She had managed to get herself locked out of her IG account and could I please send her one of my backup codes.

Now of course, in the cold light of day I recognise this to be a scam. It wasn’t my friend at all, but a hacker who had accessed her account and was no doubt sending the same message to all those who followed her so that they could hack as many accounts as possible.

But I wasn’t thinking clearly, I wanted to help my friend and without really thinking I DM’d her my code. Instantly there was a pop up text from my 2FA service saying ‘is this you trying to log on from xxx location’

Of course, then I realised how foolish I’d been and how close I came to losing my IG account (and 10 years of photos).

But my point is that it’s so easily done. And once a hacker has access to your account they can wreak untold havoc.

So yes, it might only be your knitting account where you share photos of your yarn and cats. But in a hackers hands they can use it to continue their attack on people in your friends list too.

Turning on 2FA takes just a few minutes, but it doesn’t just protect your own account, it helps to protect everyone you are connected to online.