CDT’s Election Cybersecurity 101 Field Guides are a series of short, simple, usable guides intended to help election administrators and staff better understand key concepts in cybersecurity.
What Is Two-Factor Authentication
Authentication allows you to prove you are who you say you are. You do this by demonstrating access to a particular credential, for example a username and password. Some accounts or devices require that you have access to more than one credential – something you have, something you are, and/or something you know. All three may be required in the most high-security scenarios, in order to make absolutely sure that the person presenting the credentials is the person who can legitimately access the account or devices. For gaining access to most accounts or devices, this is usually something you know: a password. Two-factor authentication combines another piece of information from those categories to supplement a password; essentially, it adds an extra layer of security for your accounts – for example, requiring a password plus a 6-digit code sent to your phone. Two-factor authentication is also called multi-factor or 2-step verification, but is commonly known as 2FA. Think of 2FA as two different kinds of keys that need to be combined to unlock your account or device.
Why 2FA Is Important
2FA helps prevent someone guessing or stealing your password in order to access your account or unlock your device. Criminals may get your username and password along with millions of other stolen credentials as part of a large data breach or may target you specifically by tricking you using phishing emails. Phishing emails are the most likely cybersecurity threat that you will face. 2FA helps ensure that, even if someone knows your password, you’re the only person who can access your account and guards against unauthorized changes to or theft of election data like voter registration information or voting machine configuration files.
For other field guides, more resources, and info on what CDT is doing to help election officials, check out our Election Security campaign.