What is two-factor authentication (2FA)?

Two-factor authentication secures your account to keep out hackers. Here’s how it works, why it’s important to use 2FA and the best ways to set it up.

You may have noticed that more and more companies are suggesting, or even requiring, that you set up something called two-factor authentication when you sign up for a new account. So what is two-factor authentication?

Also known as two-step authentication or 2FA, two-factor authentication adds an extra layer of protection to your account. The first factor is your normal username and password combo. The second factor, or step, is either a text message to your phone number or a code generated by a third-party app.

It’s that added step that makes it harder for hackers to break into your account. Even if they somehow know your password, they most likely don’t have access to your device. The second factor is something completely unrelated to the password you created, which makes things exponentially more difficult for those seeking to do you harm.

Many companies and services strongly recommend this second layer of protection. This prevents victims of the latest data breaches from having their accounts hacked. Without 2FA, your accounts could be compromised or your identity stolen if your data appears online! It’s a worst-case scenario that’s, unfortunately, happening more often than ever.

How two-factor authentication works

Two-factor authentication isn’t something new altogether. If you’ve had to show your driver’s license or another form of ID when using a credit card, that’s two-factor. Another version of 2FA: entering your PIN after swiping your credit card.

Two-factor authentication online works in a similar fashion. Even if it’s annoying and inconvenient, it’s the best line of defense against hackers. It adds a step that’s more difficult to crack than a password, as it requires access to a physical device.

Forms of two-factor authentication

Two-factor authentication comes in three flavors. Each ensures that the person attempting to access the account is either the owner or has permission.

There are three types of 2FA:

  1. Something only you know (mother’s maiden name, first dog’s name);
  2. Something you have (email account, physical phone, smart watch);
  3. Something you physically are (body part).

Personal detail verification

Many banks and services ask for personal details as a means of verification. To log in, you will usually be asked the answer to a question only you would have known while setting up your account such as “what was the name of your childhood best friend” or “what was your favorite class in high school.”

Unfortunately, since so much of our personal data lives online, these questions can actually be easy to guess. If you choose to use these personal questions, treat them like mini-passwords: don’t use the actual answer and append a few numbers. So your mother’s maiden name could be “Lorraine481.” As long as you track it with one of the best password management apps, it’s safer than using the actual name.

Sometimes, the questions will be based on your credit history and will ask you the make or model of your old vehicles or the names of companies you may have worked for in the past.

Device verification

The second type is device verification. It’s the most common — and the most secure.

One of the most popular 2FA apps is Google Authenticator.

When we talk about something you have, we are talking about physical and cyber objects. The most popular are cellphones, smartphones, and digital security keys or fobs.

Companies will send you temporary codes to devices that only you should have ahold of, such as your cellphone, smartphone or email, and ask you to enter that code in a restricted amount of time.

Among the more popular forms are authenticator apps on smartphones, which present numerical codes that are only available via that user’s smartphone.
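How an authenticator app such as Google Authenticator derives its short-lived codes, as an added example that is not part of the original article: it implements the time-based one-time password scheme (RFC 6238) together with a service-side check that rejects expired and replayed codes. The `Verifier` class, `SAMPLE_SECRET` and the one-window drift allowance are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30    # seconds each code stays valid
DIGITS = 6   # length of the code the app displays

def totp(secret_b32, at=None):
    """Code for the 30-second window containing `at` (RFC 6238, HMAC-SHA1)."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = int(time.time() if at is None else at) // STEP
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

class Verifier:
    """Service side: accept a code once, within a small clock-drift allowance."""

    def __init__(self, secret_b32, drift=1):
        self.secret = secret_b32
        self.drift = drift        # windows of clock skew tolerated each way
        self.last_counter = -1    # newest window already accepted

    def verify(self, code, at=None):
        current = int(time.time() if at is None else at) // STEP
        for counter in range(current - self.drift, current + self.drift + 1):
            if counter <= self.last_counter:
                continue          # a code from this window was already used
            expected = totp(self.secret, counter * STEP)
            if hmac.compare_digest(expected.encode(), str(code).encode()):
                self.last_counter = counter
                return True
        return False

# Constructed sample secret: the published RFC 6238 test key, base32-encoded.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    service = Verifier(SAMPLE_SECRET)
    code = totp(SAMPLE_SECRET, at=59)
    print(code, service.verify(code, at=59))      # fresh code
    print(code, service.verify(code, at=59))      # same code replayed
    print(code, service.verify(code, at=200))     # code long expired
```

The shared secret is what the QR code hands to the app at enrollment, so anyone who copies it can generate the same codes; the service must store it as carefully as a password.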

Another common form of 2FA involves a code sent to your phone or email address. You enter your account’s phone number or email, and the service will send you a temporary numerical code.

Physical verification

The third type of authentication is via body parts that are uniquely yours. Think of Apple’s FaceID: it allows you to unlock apps, make payments and generally use your device without having to enter passwords.

Why do I need two-factor authentication?

Two-factor authentication is universal. It’s available for Google, Facebook, Twitter, banking websites, and any other site that requires secure access.

2FA is necessary in a world full of identity theft. Cybercrime, mainly data breaches and identity theft, is pervasive. Hackers use old passwords and logins to brute force their way into accounts (one of the most common types of data breaches).

Cybercriminals can use your login information to cause serious damage to your credit score, your credibility and your finances. They could enter into contracts under your name, use your social security number to file a fake tax return, open credit cards in your name and even steal money from your bank account.

To ensure that you are protected, make sure you are using two-factor authentication whenever you can, ensure you know how to create a strong password and practice good digital hygiene.

Pro tip: make sure to transfer your authenticator apps to your new phone! It’s a huge pain to lose access to your 2FA. If you forget, you’ll have to contact each company to regain access. Some companies, like Facebook, make it difficult to get help from an actual human!