AMZ DIGICOM

Digital Communication

Two-factor authentication: protection for your accounts

Two-factor authentication (2FA) is a security procedure that strengthens access to an account by requiring, in addition to the password, a second proof of identity, for example a code on the smartphone. This significantly increases protection against unauthorized access, even if your password falls into the wrong hands.

What is two-factor authentication?

Two-factor identification combines two different, independent components to validate a user's identity. Withdrawing money or paying at the supermarket are everyday examples: in addition to presenting the bank card, the confidential code is requested. The transaction is only authorized if these two elements are combined. The same principle can also be used to secure email accounts, accounts on online stores or many other web portals.

Unfortunately, a large majority of accounts today are still protected by a single password. Once they obtain it, hackers can quickly access sensitive emails, account data or personal files. To prevent this, more and more providers such as Dropbox, Google or Amazon are offering two-factor authentication as an additional security measure. This procedure can vary considerably because the authentication elements vary depending on the service used.

The components and factors required for access can be many and varied. The most important and common factors for two-factor authentication are:

  • Token (an identifier) or access card
  • PIN (Personal Identification Number)
  • TAN (transaction number)
  • Password
  • Biometric characteristics (e.g. fingerprints, face, voice or iris).

All these factors are based on the possession or knowledge of an item allowing identification. The example of the ATM is a good illustration of this. The downside, however, is that the authorized person must always carry an ID or card with them. Otherwise, access may be blocked (for example, if the PIN code is entered incorrectly several times or if the card is lost).

For this reason, two-factor authentication on the web increasingly uses identification methods that do not require traditional identifiers or which at least minimize the risk of loss: in general, the system generates an automatic one-time code (OTP) in addition to the password. This is sent to the user on their smartphone, either by SMS, email or via a specific authentication application. This step ensures that only the person in possession of this additional security code can access the account. In addition, it is only valid once and loses its validity after a certain period of time, guaranteeing account security.

Note

There are two main types of one-time passwords: TOTP (Time-based One-Time Password), generated automatically and valid for 30 seconds, whether used or not; and HOTP (HMAC-based One-Time Password), which is counter-based and generates a new code on each request. An HOTP code remains valid until used.

Two-factor authentication without a token or access card also offers the possibility of defining secondary methods for receiving the security code: if, for example, access to the application is not possible, it can be specified that an SMS is sent or that the authorized user can receive a call with the automatic announcement of the code.

Why is two-factor authentication important?

Zero risk does not exist when we talk about securing an account; so why implement double authentication? The answer is obvious: this method adds another level to the identification process. This is a second obstacle that unauthorized persons must overcome. Additionally, most phishing attacks fail in the face of two-factor identification.

Cybercrime statistics remain worrying. Phishing attacks, but also identity theft and account hacking, are affecting more and more individuals and businesses. Hackers often use stolen credentials or weak passwords to obtain sensitive information. This is precisely where two-factor authentication comes in: it provides an extra level of security that makes it much more difficult to access an account, even if the password is known. 2FA is therefore not a simple “plus”, but an essential protection against identity theft and other cybercrimes.

What are the disadvantages of two-factor authentication?

The level of security increases thanks to two-factor authentication and therefore brings a definite advantage. However, in the event of negligence or system failure, users run the risk of no longer being able to access their own account. Indeed, this method constitutes an additional obstacle not only for hackers, but also for the users themselves. Since double authentication for securing accounts on the web is normally done through a combination of knowledge (password, etc.) and hardware (smartphone on which the security code is received), the loss of the smartphone, for example, results in a temporary exclusion of the user. Technical problems with authenticator apps cannot be completely ruled out either.

Fortunately, in this type of situation, most services offer a fallback, such as sending the authentication code to an alternate phone number. An emergency code (written or printed) or a backup email address is sometimes requested to restore access to the account. Thus, this apparent disadvantage can be largely put into perspective. When setting up the system, be sure to use these security measures and carefully record emergency access information. This significantly reduces the risk of self-exclusion.

What 2FA methods and tools are available?

There are different methods and tools to implement two-factor authentication. One of the most common variations is to use an authenticator application that generates time-based one-time passwords (TOTP). These apps also work without an Internet connection and offer a good balance between security and ease of use.

Another method is SMS verification, which consists of sending a code to the smartphone. This method is convenient, but it is considered less secure because text messages can be intercepted or hijacked. Hardware tokens, like USB keys with a security key, are a very secure option, but more expensive and more complex to implement. Some services offer push notifications, which require users to actively confirm any login attempts on their smartphone. The choice of method often depends on the desired level of security and the technology available. Generally, the more distinct the second factor from the password, the more secure the procedure.

Here are the most common and widely used authentication apps:

  • Google Authenticator
  • Microsoft Authenticator
  • Authy
  • FreeOTP
  • LastPass Authenticator

IONOS emails: configure two-factor authentication

To configure 2FA for your IONOS email account, you have two convenient options: via a common authentication application or directly via the IONOS mobile application.

Setting up with an authenticator app

Setting up an authenticator app for your IONOS email account takes just a few steps:

  1. Download the IONOS mobile app to your smartphone, available for free on Google Play or the App Store.
  2. Log in to your IONOS account via a web browser.
  3. Go to “My Account > Login & Account Security > Two-Factor Authentication”.
  4. Choose the “IONOS mobile app” option.
  5. Follow the instructions to enable 2FA. Once the configuration is complete, you will receive a notification on your smartphone each time you attempt to connect to your IONOS account, which you can validate directly from the application.

Two-factor authentication is thus permanently activated and helps to significantly strengthen the security of your account.

Configuration via IONOS mobile app

You can also use the official IONOS mobile app, available on Android and iOS. Once setup is complete, you will receive a notification on your smartphone each time you attempt to connect to your IONOS account for validation.

You will find detailed step-by-step instructions in the IONOS Support Center.

Advice

IONOS offers Microsoft 365 and Google Workspace with built-in two-factor authentication, for secure, GDPR-compliant communication within your business.
