If you want to keep your online accounts safe, adding two-factor authentication (2FA) is the single most important step you can take. While no security measure is 100 percent hackproof, 2FA is going to go a long way to locking down access to your important accounts.
As the name suggests, 2FA adds another level of authentication to the login process. It means you need something besides your username and password to get into your account—and with swaths of login credentials regularly published online, it’s in your best interests to put that additional step in place.
We’ve discussed 2FA before, but there have been some useful updates since then. Here we’ll outline exactly what two-factor authentication is, how it works, and how you can set it up. It doesn’t take long to put 2FA in place, and the next time someone else tries to access your account with a stolen set of login details, you’ll be glad you did.
How Two-Factor Authentication Works
Logging into your accounts with an email address and password is fine, up to a point, but these details can get lost, stolen, guessed, or teased out of you with some clever social engineering. Two-factor authentication adds another access barrier for unauthorized visitors who have gotten hold of your primary login credentials.
Two-factor authentication—and the similar two-step authentication, which is sometimes treated as a different mechanism and sometimes not—means you need another bit of information besides your password and email address. Most commonly in most consumer apps, it’s either an SMS code sent to your phone, or a code generated by a dedicated authenticator app.
When you’re setting up 2FA, you’re asked to prove that you’re the owner of your phone and the associated cell number, and that gives you the authorization to generate and receive codes. Unless hackers get access to your phone as well your email address and password, they won’t be able to log in. 2FA codes are sometimes sent via email as well, and in some cases can be replaced by a physical object like a USB key, which you’ll need to get into your account (Google offers this as an option).
For most services and accounts, this extra code isn’t required every single time you open the app or site—that would get tedious very quickly. Instead, 2FA jumps into action when you try to log in on a new device that you haven’t used before or haven’t accessed in a long time, like a new phone or a laptop that hasn’t been associated with your account in the past.