Decoding two-factor authentication: which solution is right for you?

Español | Français

TL;DR: Today Access Now is releasing an infographic to help you choose which two-factor authentication method is right for you.

If you’ve been reading the news, you know that our accounts are vulnerable. The Equifax breach is just the latest and greatest in a long stream of hacks in which hundreds of millions of people have had their private information exposed. And even if you use strong passwords, attackers can reset your passwords using personal information that might be available just a few clicks away.

You may have heard of two-factor — or multi-factor — authentication (2FA or MFA) as a way to add a layer of security on top of your accounts. In addition to your username and password, enabling two-factor lets you use a second form of authentication, which may block thieves from accessing your information. A second factor to show that you are you — not an intruder — could be a hardware key, a dedicated phone application, an SMS text message, or your fingerprint. With so many options, it can be hard to decide which second factor to use. That’s why we created this guide to help you make an informed choice.

Access Now cares deeply about your security online. In fact, we believe that user-centric digital security is critical for our enjoyment of human rights like the freedom of expression. Our 24/7 Digital Security Helpline for users at risk — such as journalists, human rights defenders, activists, and members of marginalized communities — works with clients around the world to enable two-factor authentication, helping them to protect their accounts.

For the last several months, we have been looking for ways to encourage more people to take this one extra step to help improve the security for their accounts. There are also numerous other organizations doing great work to encourage users (we list out some of these terrific resources below).

We looked at the landscape of people and organizations working on two-factor authentication, and we found a gap. People are doing great work encouraging users to enable two-factor. And once you’ve made the decision to add security to your accounts, there are numerous guides explaining how to do it. However, we have not seen easily accessible material to explain the differences between the types of two-factor authentication, to help people decide which method to use.

When you log in to an account like Facebook, you are given options like using an SMS-based text message or a phone application. Our guide is aimed at helping you understand the pros and the cons of each method. That’s because with any digital security decision, there is no one-size-fits-all solution. We all have different concerns. For example, an SMS-based text message might be okay for some users, but for an activist who does not wish to provide her phone number, it could do more harm than good.

We invite you to take a look at our guide, and be sure to secure your accounts in a way that works for you. And then do the internet a favor by sharing this to help your friends secure their accounts, too.

Additional resources:

Surveillance Self Defense
Fido Alliance
Google video on 2 step
National Cyber Security Alliance
The Digital First Aid Kit