Protect your Reloadify account from now on with two-step authentication
Reloadify is launching two-step verification, or 2FA, through WebAuthn. In this article, we explain what it is and why it is so valuable for your Reloadify account.
To make the value of 2FA / Webauthn clear, we'll take you back a bit in time:
When the internet was relatively new, you could choose a username and password for websites without too much thought. But soon hackers found out that people are creatures of habit and mostly use the same passwords and usernames, resulting in many hacked accounts. As many as 81% of hacks online take place using a stolen password.
Highlights of this blog:
- Two-factor authentication (2FA) is a security system that requires two separate, distinct forms of identification to allow access to a secure environment.
- The first factor is a password and the second usually includes a code sent to your smartphone or biometrics using your fingerprint, face, or eyes.
- While 2FA significantly improves account security, it is not 100 percent foolproof.
- WebAuthn is the newest option for 2FA and enables 2FA via biometrics.
What is two-factor authentication?
Two-factor authentication is an additional layer of security added to an online account. Two-factor authentication is a combination of two of the following:
- Something you know (your password)
- Something you have, often your mobile phone (such as a text message with a code, or an authentication app)
- Something you are (biometrics using your fingerprint, face or retina)
The latest technology of two-factor authentication is WebAuthn. More on that later.
Two-step verification to the rescue, or not?
To make the value of 2FA clear, let's take you back in time a bit. When the internet was relatively new, you could choose a username and password for websites without too much thought. Soon hackers found out that people are creatures of habit and mostly use the same passwords and usernames. The result: many hacked accounts. As many as 81% of hacks online occur using a stolen password.
In response, 2FA was created. 2FA stands for two-factor authentication and requires a dual form of identification. For example, an SMS, an email with a login code, or a one-time password via an authentication app such as Google Authenticator.
There are, however, several problems with this method of 2FA. The number of people who enable 2FA is low because it creates an additional barrier to logging in quickly. You can imagine that having to open an app every time to get a one-time password will get on your nerves. It is also not as secure as people thought at the time: the options of receiving a code by SMS or a one-time code by email in particular are very susceptible to spoofing.
Two-factor authentication with a code
One of the most common ways to use two-factor authentication is with a so-called authenticator app. An authenticator app generates a unique code that you must enter in addition to your password to log in. To set up two-factor authentication using an authenticator app, you first need to download and install an authenticator app on your phone.
There are several authenticator apps available, such as Google Authenticator and Microsoft Authenticator. Once your app is installed, you can link your account by scanning a QR code or entering a code manually. An authenticator app works with a TOTP: Time-Based One-Time Password. TOTP works based on a secret key and an algorithm that generates a new code every 30 seconds. This way, the code is only valid for a certain time and cannot be reused. From then on, when you try to log into your account, you have to enter the generated code from your authenticator app in addition to your password.
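How such a code is derived and checked, as an added example that is not Reloadify's own code: it follows the published TOTP standard (RFC 6238) with SHA-1 and 6 digits, which are assumed defaults, and `TotpVerifier` is a hypothetical server-side check that refuses a code for a time step it has already accepted. The key used in the demo is the RFC's public test key, not a real secret.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30    # seconds each code is valid, as described above
DIGITS = 6   # assumption: the usual authenticator-app code length


def totp(secret, counter):
    """Code for one 30-second time step (HMAC-SHA1 plus RFC 4226 truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                     # low nibble picks 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def secret_from_base32(text):
    """Decode the manual-entry key shown next to the QR code."""
    text = text.replace(" ", "").upper()
    return base64.b32decode(text + "=" * (-len(text) % 8))


class TotpVerifier:
    """Hypothetical server-side check: each time step is accepted at most once."""

    def __init__(self, secret, drift_steps=1):
        self.secret = secret
        self.drift_steps = drift_steps   # tolerate small clock skew
        self.last_used = -1              # highest time step already accepted

    def verify(self, code, now=None):
        current = int((time.time() if now is None else now) // STEP)
        for counter in range(current - self.drift_steps, current + self.drift_steps + 1):
            if counter <= self.last_used:
                continue                 # step already consumed: reject reuse
            if hmac.compare_digest(totp(self.secret, counter).encode(), code.encode()):
                self.last_used = counter
                return True
        return False


if __name__ == "__main__":
    key = secret_from_base32("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")  # RFC 6238 test key
    server = TotpVerifier(key)
    code = totp(key, int(time.time() // STEP))
    print(code, server.verify(code), server.verify(code))  # second check is a reuse
```

The second `verify` call fails even though the code is still inside its 30-second window, which is what makes an intercepted code useless once the real user has logged in with it.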
It may happen that you no longer have access to the authenticator app, for example, because you lost your phone. In that case, there are backup codes. These codes are generated the moment you install the authenticator app. You should save the backup codes in a safe place. If you lose access to the app, you can still access your account using the backup codes.
Two-factor authentication with WebAuthn
In addition to using an authenticator app for 2FA, there is WebAuthn. WebAuthn is an abbreviation for the Web Authentication API. This API was developed by the W3C and FIDO together with names like Apple, Google, Microsoft, Yubico and more. It is part of the FIDO2 framework for passwordless authentication between servers, browsers and authenticators.
WebAuthn is supported by any browser, operating system and device. So you're not stuck with apps, software or specific devices. This means you don't need an app for 2FA but can, for example, use the face detection on your Android phone, Windows Hello or the fingerprint scanner on your MacBook. You can also add multiple devices so you don't have to use your private phone for work, for example.
Two-factor authentication with biometrics or Windows Hello
Many phones and laptops already have a fingerprint scanner or facial recognition. This makes it possible to add this form of authentication to the process for logging into an account online. Consider your Reloadify account. After you enter your password, you are prompted to scan your fingerprint or face to confirm your identity.
Using biometrics such as fingerprints and facial recognition is a safe way to secure your accounts. Most devices store your biometric data locally, meaning it is not sent to other locations. So the data stays on your phone or laptop itself.
Windows Hello
Windows Hello is a biometric authentication system developed by Microsoft for Windows 10 users. It provides numerous features, including facial recognition, fingerprints and iris scans, that you can use as second factor authentication. In most cases, you can use biometric authentication and Windows Hello as second factor authentication by setting up your device. To do so, go to "Settings" and to "Accounts," click on "Login Options," select "Windows Hello" for facial recognition or fingerprints and follow the instructions. After this, you will use a second authentication method such as a text message, PIN or biometrics when logging in.
Several websites already support WebAuthn, such as Google, Microsoft, Dropbox and GitHub. It is expected to be increasingly implemented by other websites and services. To use WebAuthn, you need a compatible web browser, such as Google Chrome, Mozilla Firefox or Microsoft Edge.
Two-step verification in Reloadify
Reloadify is directly connected to your webshop. Because all your data flows directly to us, we want to protect your account as much as possible. Therefore you can now protect your account with 2FA. We support both 2FA via an authenticator app and WebAuthn, so our users can choose whether they want to log in with an authenticator app or via the latest technology, WebAuthn.
Want to know how to set up two-step authentication in Reloadify? Then read our help article.