Our users’ security is always one of Surfshark’s top priorities. That’s why we were one of the first VPN providers to go through an independent security audit. Now, we’re one of the first ones to offer all our clients two-factor authentication (2FA).
2FA is currently optional for Surfshark users who only use our VPN services. However, due to potentially sensitive information that Surfshark Alert users will have on their accounts, we will require all Alert users to use two-factor authentication.
What’s two-factor authentication & why is it important?
Two-factor authentication is a commonly used security method that helps prevent specific types of attacks, such as brute-forcing. It introduces an additional step when you’re logging in, which, in turn, makes it much harder to guess your password with automated tools.
2FA is not perfect, but it is relatively easy to use and effective. According to a Shape Security report, over 90% of login attempts are what’s called “credential stuffing”. Credential stuffing is when hackers use leaked credentials from one site to try and hack another site’s users with the same data.
This works pretty well because a lot of people tend to reuse their login details. It’s even more dangerous than brute-forcing, where hackers try to take over accounts without having such a relatively precise context. Two-factor authentication makes it more difficult to exploit accounts in such ways.
You should remain aware, however, that one of the oldest, most common, and efficient hacking methods are phishing. It works because manipulating people is easier than manipulating machines – therefore, you should know that Surfshark will never ask for your authentication codes. You should not reveal them to anyone at all.
How to use 2FA at Surfshark?
You can turn on two-factor authentication via the website in your account panel. Here’s a guide that covers all the details! If you’ve done something like this before, it will be pretty straight-forward. You should know, however, that you will be logged out of all your apps and will have to log in again using 2FA.
Another important detail is that we offer authentication via your email or an authentication app (like Google Authenticator or similar). We recommend using the former so that in case of a breach to your email, your Surfshark account remains secure.
We know that a lot of our users share their accounts with their whole family. If that’s the case for you, here’s how you can enable two-factor authentication for everyone in your household.
Our user security remains one of the key things that we are working hard on to keep improving in 2020. While we’re aware that 2FA isn’t the end of this journey, we’re proud to have implemented it, and we hope that you’ll benefit from using it on your Surfshark account.