Multi-factor Authentication: What is it, How do you Enable it for Email, and How Does it Protect you?

By Spike Team, November 29, 2021, 5 min read

Password security is often a hot topic among security professionals. If you use the same password everywhere, and one site gets hacked, then you are vulnerable everywhere. Whenever a big website is compromised, hackers will often try stolen login credentials on sites like PayPal, Gmail, Amazon, etc. By having a unique password, you only have one compromised login vs hundreds of potential passwords floating around the internet. There is another way to increase security that all security professionals recommend. It’s called Multi-factor Authentication and it’s recommended for every website you use that supports it. In a sense, it combines something you know (your password) and something you have (an app that generates a two-factor authentication code).

 

 

What is Multi-factor Authentication?


 

Other terms for this are Two-step or Two-factor Authentication. Whatever you call it, by enabling Multi-factor Authentication, you give yourself an extra layer of security.

 

While a strong/unique password is still recommended, a multi-factor enabled login has an extra layer of security. When logging into a website, not only do you have to provide the correct username and password, but you will also be asked for a second code that is constantly being rotated (every 30 seconds).

 

There are multiple apps that support this. Popular ones are Google Authenticator (iPhone and Android), Authy (iPhone and Android), and 1Password (iPhone and Android). While they look and act differently, they all use the same technology to generate the codes. Some websites might even mention they work with Google Authenticator, but this doesn’t mean it’s the only app that will work.

 

When you log in to a platform that supports Multi-factor Authentication, you’ll be prompted to enter your secondary code. As mentioned above, these codes rotate frequently, so you’ll need to grab it quickly. One benefit here is that it works offline so you don’t have to worry about receiving an SMS message.

 

 

SMS is an Insecure Way to Use Multi-factor Authentication

One thing to note is that SMS is not a secure way to use Multi-factor Authentication. SMS communication is not very secure compared to time-based one-time passcode solutions. T-Mobile’s recent data breach should also concern customers who are using SMS for Two-factor Authentication. The attack reportedly leaked IMEI information, which compromises the security of SMS-based Two-factor Authentication solutions.

 

Hackers use inexpensive mirroring solutions to monitor SMS activity and grab SMS Two-factor Authentication codes without users knowing. Users who sync SMS messages with their Mac or PC also increase their risk, because a hacker who steals the computer can easily access these SMS two-factor codes.

 

 

What Email Solutions Offer Multi-factor Authentication?

  • Google Workspace

  • Outlook / Exchange

  • iCloud

  • Yahoo

  • Gmail

  • FastMail

 

How do you Enable Google Workspace and Gmail Multi-factor Authentication?

  1. Open your Google Account.

  2. In the navigation panel, select Security.

  3. Under “Signing in to Google,” select 2-Step Verification and then Get started.

  4. Follow the on-screen steps.

 

Google recommends using prompts from the Google app for iPhone and Android, but you can use your own authentication app.

 

 

How do you Enable iCloud Multi-factor Authentication?


 

Apple uses a custom protocol for Multi-factor Authentication with verified devices. A trusted device is an iOS device running iOS 9 or later, or a Mac running OS X El Capitan or later, on which you’ve already signed in to iCloud using Apple’s Two-factor Authentication. If it’s a device Apple knows is yours, it can be used to verify your identity by displaying a verification code from Apple when you sign in on a different device or to iCloud.com in a web browser. An Apple Watch running watchOS 6 or later can receive verification codes when you sign in with your Apple ID, but cannot act as a trusted device for resetting your password.

 

Apple does allow you to use a trusted phone number as a backup method. Apple requires you to verify at least one trusted phone number to enroll in Two-factor Authentication.

To turn on Two-factor Authentication on your iOS devices: 

  1. Go to Settings > [your name] > Password & Security.

  2. Tap Turn On Two-factor Authentication.

To turn on Two-factor Authentication on your Mac: 

  1. Click on the Apple menu > System Preferences, then click Apple ID.

  2. Click Password & Security under your name.

  3. Next to Two-Factor Authentication, click Turn On.

 

How to Enable Yahoo! Multi-factor Authentication

  1. Sign in to your Account Security page.

  2. Next to “2-Step Verification,” click Turn on 2SV.

  3. Click Get started.

  4. Select Authenticator app for your 2-step verification method.

  5. Click Continue.

  6. Scan the QR code using your authenticator app.

  7. Click Continue.

  8. Enter the code shown in your authenticator app.

  9. Click Done.

 

How to Enable Outlook Multi-factor Authentication

  1. Go to the Security basics page, sign in with your Microsoft account, and select More security options.

  2. Under Two-step verification, choose Set up Two-step Verification to turn it on, or choose Turn off Two-step Verification to turn it off.

  3. Follow the instructions on the screen.

 

How to Enable FastMail Multi-factor Authentication

 

  1. Open Settings > Password & Security screen.

  2. If this is your first time enabling Two-step Verification for FastMail, you must add a recovery phone to your account.

  3. If you have a recovery phone on your account, go to the Two-step Verification section and click Add.

  4. Click Set Up Two-step Verification.

  5. Select which kind of verification device you’re adding to your account.

  6. Proceed to authentication for your multi-factor app.

 

How do Email Clients Work with Multi-factor Authentication?

For as long as desktop email clients have been around, the way they integrate with email hosting providers has changed a lot. Before the rise of OAuth technology, adding your email account to an email client required you to input your password directly into the app. With OAuth, your email client never receives your password but rather a token that can be easily revoked in the future. Not only does this process increase security, but it also makes it much easier to add your email address to a client as you don’t need to tinker with the IMAP or SMTP settings.

 

Through this OAuth process, your email solution will ask for a multi-factor code, which will be generated by a known device (an existing device that’s logged in, Google Authenticator, etc.) and entered into the OAuth login window.

 

Spike’s secure email app natively integrates your email accounts using OAuth technology. When you add your Gmail, Outlook, or Yahoo! account to Spike, you’ll be prompted to enter your multi-factor authentication password. When setting up iCloud with Spike, you’ll need to create and enter an app-specific password.

 

 

Summary

Multi-factor Authentication might seem like a scary process, but modern email clients have made it much easier. New apps have made managing your multi-factor codes even easier. Spike recommends that you enable Multi-factor Authentication on all of your email accounts that support it.
