Security: Two Factor Authentication

By Bryan Parsons

26 March 2014

Many of the cloud services you use are now supporting two factor authentication, many banks have been using it for a while but it is becoming more commonplace as users store more of their personal information in the cloud.

Do I need it?

Most of your online accounts like Google, Facebook etc just require a password to access them by default, provided you choose a decent password this offers a reasonable level of security. However ‘brute force’ attacks are becoming more common and all that’s required is your public email address.

A brute force attack involves trying thousands of password combinations against your email address (using an automated system), if they attack goes on long enough, chances are it’ll guess your password eventually.

Two factor authentication prevents this type of attack and others (such as malware which steals your passwords or monitors what you’re typing).

What is it?

You’ll still need a password to access your online accounts and in addition you’ll need a physical device (usually your mobile phone). When an attempt is made to log into your account with your password a code will also be sent to your phone which you’ll need to enter to gain full access.

The code sent to your phone is for one time use and will expire after a few minutes, so it can’t be stolen or cracked. The system also means only you with your physical mobile phone in your possession can gain access to your account.

Isn’t it annoying?

If it’s implemented well, no. Most companies who support it allow you to set-up trust with certain PCs and applications, these trusted points of access will work without two factor authentication.

This means logging on from your home or work PC every day isn’t an issue and doesn’t take any longer, but if you try and log in from a different computer or more importantly, someone else tries to access your account from a non-trusted system, two factor authentication will be required.

Obviously, if you forget or lose your mobile phone this can prevent you accessing your accounts which could be frustrating, I would say this is a price worth paying for the extra layer of security.

Where do I start?

Several of the major cloud accounts now provide dual factor authentication, the list below isn’t exhaustive…

Here at SpiderGroup we use it to secure all our admin accounts and if you’d like the extra layer of security for your hosted system just let us know.


For more information, call us on 0117 933 0570 or fill in our contact form and we’ll get back to you.

This site doesn't support mobile landscape mode.
Please rotate back to portrait mode.