It might not seem like it, but two-step verification (aka two-factor authentication) is already a common aspect of our lives. For example, if you used your debit card today and entered your PIN, then you used two-step verification.
But, beyond adding a layer of security to financial transactions, it has many other uses as well, including a wide application across the digital aspect of our lives.
Below you’ll learn about two-step verification in depth, understand why it’s important, and finally figure out how to set it up across your various accounts, including right here at GoDaddy.
What is two-step verification?
Two-step verification is a widespread security protocol. It’s so common that most applications and services already have it baked into their settings.
Two-step verification goes by many names, including two-step authentication and two-factor authentication. But, whatever you see it being called, the process remains the same.
Essentially, it’s a process that requires two methods of proving your identity before you can log in to an account.
Now, there is a slight difference between the technical definition of two-step verification and two-factor verification.
With two-factor authentication, there are two different factors at play. You have your password and a secondary factor, like your phone or your fingerprint. With two-step verification, you only have a single factor, like your password, followed by a set of security questions.
However, these terms are used interchangeably and often refer to the same thing.
How two-step verification works
The process can be applied widely, but one of the primary forms of verification includes SMS verification. Let’s say you log in to your bank account website, and then a four-digit PIN is sent to your phone via text message. Once you receive the code, you enter it and can proceed with logging into your account.
The additional layer of security two-step verification provides means that a hacker or other nefarious individual needs to steal your password and your phone. They might even need to know your phone’s passcode.
With SMS-based two-step verification, the password you receive only has a short time frame where it functions as well. Whenever you need to log in, you’ll receive a new code. This might seem tedious, but an extra few seconds can mean the difference between a secure and compromised account.
Beyond SMS two-step authentication, there are a few additional methods of identity verification, including:
- Biometrics: This includes face, fingerprint, retina or voice recognition.
- Hardware: This is specific hardware, like a USB, designed with two-factor authentication in mind.
- Application: This is a particular application that generates a unique code across multiple different logins.
We’ll dive deeper into the different applications available below.
Why is two-step verification used?
It can be challenging to verify that people are who they say they are across the online space. Given the fact that nearly 60 million Americans were affected by identity theft in 2018, you can see why protecting your accounts is so important.
There are no bulletproof security protocols, but instead security best practices you can follow to elevate your levels of account protection.
For example, think about how you’d go about protecting your home. You can install an alarm-based security system, use cameras, add sensor-based lights around your home, and even get a large dog with a loud bark. All of these measures mean that your home is more secure, but it doesn’t guarantee that no one will ever try to break in.
The same goes for your online accounts.
Plus, if your account does get targeted, it’ll be that much more challenging to break in.
Who should use two-step authentication?
Anyone interested in improving the levels of security across their online accounts should enable two-step verification.
It’s a process that’ll add a few minutes to your day (at the very most), and it’ll help protect your accounts from being hacked, and your identity from being compromised — a small price to pay for improved security.
This is especially true for accounts that have access to any personal financial information, like your bank, Amazon and even your GoDaddy account. Imagine the hassle of someone accessing your hosting or domains, and transferring them over to their name.
Different two-step verification methods available
There are many options, depending on the service you’re using. But here are the most commonly used approaches:
- SMS Text Message. You’ll receive a four to six-digit code via text, which you must enter to access your account.
- An Authenticator App. You use an app like Google Authenticator or Authy, which manages your security codes for you.
- A Hardware Security Key. You insert a physical hardware key into your computer, like Yubikey, which verifies your identity.
Using two-step verification with your GoDaddy account
Luckily, enabling two-step verification on your GoDaddy account is pretty simple.
All you have to do is follow the steps below:
- Log in to your GoDaddy account, and navigate to your Account Settings.
- Then, select Login & PIN.
- Select 2-Step verification, then click Add Verification.
- Now, you’ll choose the verification method you prefer, whether that’s SMS code or an authenticator app. You can choose to enable two-step verification during every login, or only during high-risk transactions like changing your password, PIN or username.
- If you went with the phone number, then you’ll need to enter your phone number and enter the code you receive via text. If you chose the authenticator app option, then install the app, scan the barcode, and enter the authentication code.
- Once you’re done, click Continue and you’re all set.
Using two-step verification across the Web
Nearly every platform and service across the internet will have two-factor authentication enabled.
Here’s a quick breakdown of how to turn on two-factor authentication on some of today’s most popular platforms.
Enable two-factor authentication on Twitter
Here’s how to enable two-factor authentication on Twitter:
- Navigate to your Twitter account and click your profile icon. Then, on the dropdown menu click on Settings and privacy.
- Then, click on the Account tab. Under the Security section click the Set up login verification button.
- On the pop-up box, click the Start button.
- Then, you’ll need to verify your Twitter password.
- Next, enter your phone number, and click Send Code. This is the number where you’ll receive your SMS verification code to login.
- Enter the code you received on the next screen, then click Submit.
- You’ve now activated SMS two-factor authentication on your account.
You can learn more on Twitter about how to activate login authentication.
Enable two-factor authentication on Facebook
Follow these steps to enable two-factor authentication on Facebook:
- Open your Facebook account, click on the drop-down arrow in the top right corner and go to Settings.
- On the left-hand menu click on Security and Login.
- Then, scroll down and look for a section called Two-Factor Authentication, then click on Use two-factor authentication.
- On the next page click Get Started.
- Here you can choose between an authentication app and using a text message. Select your preferred option, then click Next.
- If you chose the text message route, then you’ll receive the verification code on your phone.
- Input the code and if it’s correct, two-factor authentication is now enabled on your account.
Facebook offers a detailed help resource for users who have questions setting up two-factor authentication.
Enable two-factor authentication on Gmail
Here’s how to enable two-factor authentication if you have a Gmail account:
- Open your Gmail account, and click on your avatar and select Google Account.
- On the next screen select the Security option.
- Next, find the Signing in to Google section and click 2-Step Verification.
- Then, on the next screen select Get Started and enter your password when prompted.
- Get your phone ready for this step. Enter your phone number and select Text message, then click Next. If you have a connected Google device, like a Pixel phone, you will also need to select the Google prompt.
- On the next screen you’ll enter your verification code and click Next.
- If the code matches up, then click Turn On and you’ve successfully enabled two-step verification.
Google has a helpful resource on properly setting up two-step verification for users who run into any issues.
Pros of two-step verification
Two-step verification is a great way to enhance security across your online accounts. Here’s a quick look at some of its biggest advantages:
1. An easy-to-implement security protocol
Two-factor authentication is built into most services. Usually, all you have to do is turn it on within the program or application settings. Once it’s enabled, it’ll become a routine part of the login process for you or your team.
2. It’s inexpensive
As far as security is concerned, it’s a free solution to your security woes. If you upgrade to the hardware authentication level, then you’ll have to pay for the device, but otherwise, there usually aren’t any costs involved.
3. Protects your sensitive accounts
Finally, it’s a downright simple way to protect your accounts. Like we highlighted above, it isn’t foolproof. But, it is a big step that’ll help keep your information free from hackers and other prying eyes.
Cons of two-step verification
However, two-step verification isn’t perfect. Here are some of the main drawbacks of two-step verification. But as you’ll see they’re pretty negligible.
1. Slower login time
It won’t add that much time to the login process, but for some users, this might be a minor annoyance. However, using an authentication app or physical hardware can speed up the process.
2. Not 100% secure
No security solution is 100%. Beyond two-factor authentication, there are additional procedures you’ll want to have in place to secure your account, starting with a strong password.
3. Might be integration issues
SMS authentication is pretty standard and should work smoothly with most apps and services. But if you prefer the physical hardware or authentication app approach, then you might run into some compatibility issues.
Your password might not be as secure as you think. But even with a secure password, your accounts are still at risk.
When your account is hacked, all of your information is at risk. So why take the chance, especially when two-step verification is so simple to implement?
With two-step verification enabled whenever you enter your password you’ll be asked for an additional verification step (depending on the route you chose). Once you complete this, you can log in securely and access your account.
Still, there are additional steps you can take to protect your online accounts even further, like:
- Creating strong account passwords from the start.
- Regularly backing up your website and computer files.
- Making it a habit to update old passwords across all of your online accounts.
- Turning on a firewall on your personal computer, such as FileVault for Mac.
Looking for more ways to keep your accounts secure? Check out all things security from GoDaddy. They have you covered with SSL certificates, website backup and more.
This article includes content originally published on the GoDaddy blog by Todd Redfoot and Lorraine Akemann.