Date: 2020-03-07

Your Samsung smartphone is about to become a bit more secure.

Samsung has undoubtedly been pulling security rabbits out of the hat so far in 2020. Perhaps the highlight was the revelation that Samsung Galaxy S20 smartphones will come with a dedicated secure element security chip. Now the Android smartphone giant is bringing mandatory two-factor authentication (2FA) to the masses, with millions of users likely to benefit from this security update.

Who is getting mandatory 2FA?

This security surprise may not be that surprising to those of you who have been following my advice to make use of 2FA wherever possible. I have been using 2FA as an additional security layer to help protect my Samsung Account since it was first introduced. What has changed, however, is that the Samsung Account app has now been updated to include a mandatory 2FA requirement. Once your Samsung Account app has been updated to version 11.1.01.3, all account logins will require this secondary layer of authentication.

The mandatory 2FA requirement will apply to both new and existing account holders. The latter will be required to enter a one-time code when logging in, regardless of whether they had already enabled 2FA or not. The slight fly in the security ointment is that those existing account holders won’t be “forced” into the 2FA process while they remain logged in. Only once they have logged out of the account will mandatory 2FA kick in during the next login attempt. Personally, speaking as something of a confessed security geek, I’d be happier if some force was applied. I’d rather see everyone logged out of their accounts following the app update and so required to re-authenticate and become part of the 2FA family. An attacker, whoever that may be, will be required to enter a 2FA code they don’t have access to if they try to access your account, though, so security is maintained during the mandatory migration process.

Is 2FA the security messiah?

Although such account access 2FA requirements won’t save you from every security threat out there, like the critical Android rooting vulnerability that emerged earlier this week or the, admittedly rather unlikely, $5 SurfingAttack hack, it’s not to be sniffed at. With the ready availability of off-the-shelf phishing kits on the dark web and the sheer number of data breaches that expose login data, passwords are a known weak point, especially when they are reused across accounts, as so many still are, or constructed in such a fashion that they aren’t strong enough in the first place. As an aside, the FBI, of all people, has some good advice to help with the password construction problem that’s worth reading.

Enable 2FA without waiting for the Samsung Account app update

Although it’s not clear at this point how long it will take for the Samsung Account app update to roll out globally, I would advise readers to pre-empt it and ensure you have 2FA enabled anyway. You can check what version your account app is by going to Settings | Accounts and backup | Accounts and selecting your Samsung Account. From here, use the vertical ellipsis menu to select “About Samsung account” and find out if an update is available to you. If not, go back a step and select the “Password and security” option, from where you can enable 2FA anyway. Once you’ve entered your password or used your fingerprint to access the 2FA options, you can then follow the straightforward instructions to get this vital extra layer of protection added to your account. You’ll be happy to learn, I’m sure, that there is an option for using an authenticator app rather than relying on the much less secure route of a 2FA code delivered by SMS to your smartphone.

