Password managers and two-factor authentication: what is it and why should it be used?
Nowadays, many do not take securing their own online accounts seriously. Usually only a simple password is used for multiple logins, which means that accounts can be cracked easily. But there is a remedy for this.
More precisely, a password manager and two-factor authentication (2FA) can help here. In this guide I would like to explain what it is exactly, how it works, which options you can access and why you should use a password manager and a 2FA.
Jump to section
What is a password manager and a 2FA?
A password manager is, quite simply, a safe. An online safe for passwords. There is a master password to get into your own password manager. Then you can store all important passwords there. The advantage: You only have to remember one password and can (theoretically) use a different password for the other accounts, because you can simply copy it out. Many password manager providers already offer auto-fill - more on this in a moment.
A 2FA can be thought of as an additional wall before you can finally log in. If a 2FA is activated for an account, a code is activated in an authenticator app on the smartphone, which must also be entered after entering the actual password. Otherwise you stand in front of closed doors. The advantage here: Even if you know your password, it won't be of any use to you without your smartphone.
What are the options?
There are definitely two questions that arise now. One of them likely revolves around choosing the right password manager and 2FA.
Google and Apple offer their own options for password managers. Google gave your own manager no special name. Apple christened its own password safe,iCloud keychain". But there are also some good third-party solutions out there. Are pretty popular here Dashlane and Enpass. However, if you want to use these services properly, you have to pay a certain amount for them. I personally use LastPass. There is also a premium package here, but I don't use it because the free version is completely sufficient for me.
Apple does not offer an app for 2FA. Google, on the other hand, does, Microsoft also has something on offer here. An authenticator app from Lastpass is also available in the Play Store and in the AppStore. I use however authyas this app has the best reviews. You can also create a backup of your 2FA logins here.
Functionality
But how does a password manager and a 2FA work? All login data is stored in a password manager. If you need a password, you can log into your safe with the master password, put it on the clipboard and paste it into the password field. Most services also offer a system-wide auto-fill feature under Android and iOS. Auto-Fill means that you call up the manager of your choice on a login page and log in with the master password. The username and password will now be used automatically. For Dashlane, Enpass and Lastpass you need a browser extension on the PC in order to be able to use Auto-Fill. The iCloud Keychain works system-wide under macOS (to the best of my knowledge).
Before a 2FA comes into effect when logging in, you have to activate it in the settings of a service of your choice - provided the feature is supported. You can find the right settings for your own Google account, for example under “Security” in the account overview. Now either a QR code or a numeric code is provided with which you can add the login in the authenticator app. If you want to log in to Google, you have to call up the appropriate entry in the 2FA app and enter the code displayed there after logging in with the actual password. Incidentally, this code changes every 30 seconds.
Conclusion
In the end, everyone should decide for themselves whether and how to protect their own accounts. In my opinion, however, everyone should deal with it. I can say for myself that I don't want anyone to have access to my private emails and data just because I chose a bad password that I may have used elsewhere.
What if the oh-so-great password safe is hacked? Then you have immediate access to everything. In my opinion, a password is more secure in your head.
Hi Thomas,
thank you for your comment with this interesting suggestion. I then searched Google for hacks by password managers and could only find a few ancient cases where the services I mentioned were not included.
Regards
David Haydl from TechnikNews