What is two factor authentication?

Two-factor authentication is known by many names such as 2FA, two-step verification, multi-factor authentication, and more. No matter what name it goes by they all have one thing in common, requiring you to take a second step to verify you are the owner of an account.

Many of you have probably gone your whole lives using two-factor authentication without even realizing it. One of the best examples of this is when you make a purchase with your debit card and you enter your PIN.

Believe it or not, that is two-factor authentication in practice. By requiring you to not only have your card but also know a secret PIN code to prove the account belongs to you. If you’ve ever signed into an account online and been required to receive a security code via text, this is also 2FA.

Why You Should Use Two-Factor Authentication

If you’ve never used two-factor authentication before it’s time to change that. In the past, using only a username and password to protect our accounts was enough to make us feel secure. Unfortunately, as time goes on security breaches have become more common. Most times they include your username, password, and sometimes both.

I’m sure at some point in the past you’ve gotten an alert to update or change your password for a site or service you use. Either due to them being breached or because you used the same username or password on other sites that were breached.

Using two-factor authentication will not prevent this from happening. However, it will prevent someone from using the information in the breach from accessing your account until you’ve had time to update your username or password.

How does Two-Factor Authentication work?

After setting up two-factor authentication it begins the same as any other log in attempt. You start by entering your username and password and then you are forwarded to a page asking for a secondary code. Most times this is sent to you via text but you can also use a dedicated app for this such as Google Authenticator or Authy if it is supported.

The Google Authenticator or Authy apps can take over generating your secondary code without access to the internet and refresh automatically. If you are in an area with a spotty cell signal or internet connection this can be very beneficial.

In some cases, you may come across an app or service that does not support logging in with two-factor authentication. If this happens you’ll need to generate an app password from the original service such as Google. Generally, these can be generated on demand or you can print out a hard copy list to keep track of them.

Are there any downsides to using Two-Factor Authentication?

The truth is, adding another step to the login process is inconvenient. Each time you log into your account you will be prompted for a security code. You’ll then have to wait for the code to be texted to you and enter it before you can access your account. The codes often also expire within a set amount of time, generally around 60 seconds. If you miss this window of time then you’ll have to request another code.

This can be a hassle and we’re often looking for ways to make our lives more convenient not less. However, if you consider the damage that can be done and the trouble it would take to regain control of your account, I think you’ll realize the extra time 2FA takes is worth it.

The other downside is two-factor authentication is still not 100% secure. If someone has access to your username, password, and phone they can still sign into your accounts. There is also still the possibility that hackers can find a way to intercept your texts. It is up to you to ensure your username, password, and phone stays secure as well as changing your passwords often.

Where Should You Use Two-Factor Authentication

Two-factor authentication is something everyone should use on all of their important accounts. Whether it’s your social media accounts, Amazon, eBay, or Paypal. All of these services provide two-factor authentication. Any account online that includes personal information about you or is valuable to you should have 2FA enabled.

It is important to check how to enable 2FA for each of these sites and any other essential accounts you have online. Any time you hear someone say they’ve been hacked or their account was stolen most likely could have been prevented by enabling two-factor authentication. Below I’ve compiled a list of links to instructions on how to enable two-factor authentication on some of the most common sites.

While it is not perfect two-factor authentication provides another layer of protection between you and those who would try to access your accounts. The more layers you can put between nefarious people and your accounts the better. If you take the time to set it up now you’ll be grateful for the time and trouble it could save you in the future.