Two-Factor authentication (2FA) is a security feature that, until recently, you would mostly see in critical applications that deal with very sensitive data, such as online banking. 2FA is an essential security feature for leading cloud-based services that take your account and data seriously, such as Clinked. And so, here's why it's so important to take security seriously:
Traditionally, all you had to do was enter your username/email and your password to log in to your account. You might think that choosing a password wisely, with a sophisticated combination of letters, numbers and special characters, would stop anyone from accessing your account. Wrong!
You may have created the most sophisticated password on the planet, which is effective, to a degree, against techniques such as brute force and could make the intruder’s life a bit more difficult. However, it does not stop hackers or even inexperienced opportunists from stealing your password within a few seconds.
What is Two-Factor authentication (2FA)?
2FA simply asks for more than just your password. To log in to your account, you need to enter your username/password as well as a code generated by a smartphone or security device.
The idea behind 2FA is to use “Something you know” (your password) and “Something you have” (your phone or a security device).
Why should you care?
Because it is one of the best ways to keep your account and data secure. Two-Factor authentication significantly reduces the risk of online fraud and identity theft because a password alone is not enough to gain access to your account. You also need a code generated by a security device or by an app on your smartphone that was previously verified.
Which Two-Factor authentication (2FA) method is the best?
While any form of Two-Factor authentication drastically improves security, there are different ways to implement 2FA, and some of them are much better than others.
Secret questions such as "Where were you born?" or “What is your mother’s maiden name?” are not an ideal way of confirming identity and are certainly not a unique knowledge factor, because this information can be researched or may be known to people close to you.
Although convenient, text messages are generally considered insecure and can be intercepted and used by others. Another issue is that messages may not be delivered instantly, which causes delays in authenticating.
Hardware security tokens are simple to use and do not require an Internet connection. A pre-defined, time-based cryptographic algorithm generates a code. The downside of this approach is that you have to remember to carry the hardware token wherever you go. The device can also be physically stolen.
Authentication Apps for Smart Phones
This method is one of the best ways to use 2FA. There is no need to carry an additional hardware device (you are probably carrying your mobile phone with you anyway). The codes are dynamically generated and change constantly. Even if you don’t have mobile reception, this method still works, and it is much faster and more secure than SMS codes.
Clinked introduces Two-Factor authentication (2FA)...
As part of the ongoing security strategy, Clinked has recently implemented Two-Factor Authentication (2FA). Two-Factor authentication is the latest security feature that can be enabled for each user account individually. This adds an extra way for users to prove their identity before gaining access to the platform.
Two-Factor Authentication will increase security drastically on your account by requiring two steps to log in to your platform: Something you know (your username/password) and something you have (your smartphone).
How to activate 2FA?
- Click the drop-down menu next to your profile picture in the top right-hand side of your screen and click Personal Settings.
- Scroll down to the bottom of the screen and click on the button “Activate Two-Factor Authentication”.
- Download one of the following apps to your smartphone:
  - Google Authenticator
  - Duo Mobile
  - Windows Phone Authenticator
- Scan the barcode shown on the screen and enter the verification code generated by the app.
When you first set up 2FA, your account creates a secure key that is shared with your phone via a QR code. This key is then used on both ends, together with the current time, to generate a new code every few seconds.
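The key-plus-time scheme described above, sketched as an added example that is not Clinked's code. It assumes the standard TOTP algorithm (RFC 6238) used by apps such as Google Authenticator, with a 30-second step and 6-digit codes; the account and issuer names are constructed.

```python
import base64, hashlib, hmac, secrets, struct
from urllib.parse import quote

STEP = 30    # seconds each code is valid (RFC 6238 default, assumed here)
DIGITS = 6   # code length shown by the app (assumed)
# Published RFC 6238 test key, used only to check the arithmetic below.
RFC_TEST_SECRET = base64.b32encode(b"12345678901234567890").decode()

def new_secret() -> str:
    """Random 160-bit shared key, Base32-encoded as authenticator apps expect."""
    return base64.b32encode(secrets.token_bytes(20)).decode()

def provisioning_uri(secret: str, account: str, issuer: str) -> str:
    """The otpauth:// URI that the enrolment QR code encodes."""
    label = f"{quote(issuer)}:{quote(account)}"
    return (f"otpauth://totp/{label}?secret={secret}"
            f"&issuer={quote(issuer)}&digits={DIGITS}&period={STEP}")

def totp(secret: str, now: float) -> str:
    """Code for the time step containing `now` (HMAC-SHA1 over the step counter)."""
    key = base64.b32decode(secret)
    counter = struct.pack(">Q", int(now) // STEP)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                       # dynamic truncation
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def verify(secret, submitted, now, last_used_step=-1, drift=1):
    """Server side: return the matching time step, or None.

    Accepts +/- `drift` steps of clock skew and refuses any step at or
    before `last_used_step`, so an observed code cannot be replayed.
    """
    current = int(now) // STEP
    for step in range(current - drift, current + drift + 1):
        if step < 0 or step <= last_used_step:
            continue
        expected = totp(secret, step * STEP)
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return step
    return None

if __name__ == "__main__":
    import time
    secret = new_secret()                            # stored server-side per user
    print(provisioning_uri(secret, "alice@example.com", "ExampleApp"))  # constructed names
    code = totp(secret, time.time())                 # what the phone would display
    print(code, verify(secret, code, time.time()))
```

The server stores the step returned by `verify` and passes it back as `last_used_step` on the next login, which is what makes each code single-use.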