Two-factor authentication is a 2 step process to help keep bad guys out of a computer account even if they have your password. For shorthand in this tutorial, Two-Factor Authentication will be referred to as 2FA.
2FA can be broken down into two steps, as the name implies:
Step 1, login to your Adafruit or other online account with your user name and password.
Step 2, being prompted to provide a code that was sent to your mobile device to let you access the account.
2FA requires that both step 1 and 2 are both completed on the device from which you are trying to access your account.
Let's examine how 2FA can help in the following scenario:
Pikachu is a super adorable popular streamer on Twitch. Pikachu has heard of his friend's account getting hacked, so he took action to step up 2FA on his Twitch account to stay protected. Now, every time, his login process will be 2 steps and one of the steps is to provide the text being sent to his phone.
Mimikyu is another Twitch user who dislikes Pikachu. He wants to get a hold of Pikachu's Twitch so he can demand a ransom (a lot of money) to return it. Mimikyu has managed to successfully guess step 1 of the login process, Pikachu's username and password. But Mimikyu cannot get past step 2 because he needs the code sent to Pikachu's phone. Mimikyu, out of frustration, gives up without being able to steal Pikachu's account.
Score one for 2FA for being able to protect Pikachu from online attackers! pika pika!
At Adafruit Industries we are proud to be able to offer our community 2FA protection. Whether you want to use an Authentication app on your phone or just receive a SMS text message with the code to log in, please enable 2FA to add additional security to your account.
Do keep in mind, Mimikyu was able to successfully guess Pikachu's password, which was
Pikapika123! This is not a very good password since it can be easily guessed given Pikachu's social media posts and the content he puts out.
Keep a lookout for our next guide on how to increase password complexity and use online password managers to prevent attackers from guessing your passwords so easily.