
Two-factor authentication (2FA) is a security method that requires two different ways of proving your identity. It is commonly used in everyday life. For example, paying with a credit card requires not only the card, but also a PIN, a signature, or an ID. With 1FA becoming increasingly unreliable as a security measure, two-factor authentication is rapidly gaining importance for logging into online accounts.

By default, almost all online accounts use password authentication, i.e. a one-factor authentication method. The problem with passwords is that they are easily hacked. A further problem is that many users still use one and the same password for all their accounts. While it is a bit of a hassle, 2FA significantly increases security by asking for an additional authentication factor, thus making it much harder to hack an account.

What Exactly Is Two-Factor Authentication (2FA)

As mentioned in the introduction, 2FA is a login method. The two authentication factors can be one of the following:

  • Something you know, typically a password or the answer to a security question
  • Something you have, for example a security code sent to your mobile or an ATM card
  • Something you are, i.e. biometric data such as your fingerprints

Everyday examples where 2FA is employed are drawing money from the ATM (card + PIN), paying with a credit card (card + signature OR card + PIN OR card + security code), or entering a foreign country (passport + biometric data).


Why You Should Use It

Imagine someone hacked into your email account. What kind of information would they gain access to?


Here is an idea: user names of other accounts, passwords to other accounts, alternative email addresses, personal data, personal photos, scanned documents, information about your friends, family, and other contacts, credit card numbers, bank account numbers, insurance numbers, anything else?

Would this information potentially help them to hack into some of your other accounts, for example Facebook? And at how many places have you logged in using your Facebook or another social media account?

When you think about it, you will find that most of your online accounts are interlinked. Hacking one of them probably gives a smart person access to several of your other accounts. In other words, if someone manages to hack into one of your key accounts, your identity has practically been stolen and the potential consequences are madness.

Where You Should Use It

Ideally, you should use 2FA for all accounts where you store any type of personal information, as well as accounts that have payment information linked to them. This includes, but is not limited to:

  • email account/s
  • Facebook and similar social media accounts
  • online banking
  • online payment accounts
  • online shopping accounts
  • any type of cloud storage service
  • online gaming accounts

Unfortunately, not all online accounts or services offer 2FA or are clear about it. Often, it’s a matter of poking around their website to find additional security options.


Two key online services that do offer 2FA and for which you should definitely enable it are Facebook (login approvals) and Google (2-step verification). You can read more about their respective 2FA features here:

Conclusion

2FA is an indispensable security measure for your key online accounts, such as email, banking, or social networking. While two-factor authentication doesn’t mean your accounts are immune to attacks, it does make your accounts more resilient as a hacker needs to crack more than a simple password. Whether or not a second authentication factor is worth the hassle depends on the account and what type of information is stored in it.

Where are you using two-factor authentication and do you think it’s worth the hassle?

Additional Reading

How To Create A Security Question That No One Else Can Guess: In recent weeks I have written a lot about how to make online accounts recoverable. A typical security option is setting up a security question. While this potentially provides a quick and easy way to...

How To Use Facebook Login Approvals & Code Generator [Android]: To keep your device secure, we show you how to set up Login Approvals and Code Generator on Facebook for Android.

Get Secure: 5 Firefox Addons For Serious Password Management

Image credits: Fingerprint via Shutterstock, SIM Card and Lock via Shutterstock, Identity Theft via Shutterstock, Login Windows via Shutterstock

  1. david
    March 12, 2015 at 7:05 pm

    Good, give also to Google your phone (which is probably android) number and only your banking information will be missing to them.

    • Bruce E
      May 16, 2015 at 1:08 am

      You aren't giving them anything they don't already know with your suggestion. When an Android phone is initially configured, it wants a GMail account to link up with Google+, set up your email on the device, configure the Play Store so you can download apps and get updates, etc. It is the same type of behavior performed on Windows and the iPhone, just with a different company.

  2. Howard from Space
    October 22, 2012 at 4:21 pm

    I use Two-Factor Authentication across a lot of my accounts. I feel a lot more secure when I can telesign into my account. If you have that option available to you use it, it is worth the time and effort to have the confidence that your account won't get hacked and your sites are not up for grabs. If you opt into 2FA, you will have to "Confirm your phone". You would receive a text message with a specific code to be entered into the system. If you don't want to do this every single time, you can designate your smartphone, PC, or tablet as a trusted device and they will allow you to telesign in without the text code. Should an attempt to login from an unrecognized device happen, it would not be allowed.

  3. Bishal Mahat
    October 19, 2012 at 9:10 am

    nice knowledge giving article

  4. Abdullah Sorathia
    October 19, 2012 at 1:33 am

    2FA gives reliable security.

  5. Joboy
    September 12, 2012 at 3:17 pm

    I can't seem to find the "Login Approvals" tab on my Facebook Account Settings...

    • Joro
      September 25, 2012 at 1:11 pm

      Joboy, go to your Profile Settings in Facebook. Then click on the Security tab (the second button from top to bottom on the left column) and in the newly opened page activate the 4th option, Login Approve :)
      About the article ... Of course it is necessary to have such security measures for your online account. It doesn't matter what information you have stored in your account, you should activate such verification methods to be sure that only YOU can log in to these websites. I have activated 2FA for my Gmail, FB, and I would like to see every page on the net with such verifications ...

  6. anthonymonori
    August 31, 2012 at 2:32 pm

    I use 2FA wherever I can. I take security very seriously. Good article, it should be a must-read for everybody on the internet.

  7. xbalesx
    August 29, 2012 at 6:31 pm

    Tina, thanks for the article and info. I have implemented 2fa on a handful of sites after reading this. It is much appreciated.

    • Tina
      September 6, 2012 at 4:23 pm

      Glad to hear I made a difference! :)

  8. Patricia
    August 29, 2012 at 4:54 am

    Dropbox is now offering this as well

    • Tina
      September 6, 2012 at 4:23 pm

      Thanks for the update, Patricia!

  9. Ruben Marrero
    August 29, 2012 at 1:16 am

    I use 2FA for email, facebook, banking

  10. venkatp16
    August 29, 2012 at 1:12 am

    Good one..

    Gmail sends a code to your mobile in the process of 2FA. Hackers have crossed a mile and they are even sniffing the mobile network. If any service is compromised and they have my mobile number, can't they hack that also? How far is this secure?

    • Daniel Escasa
      August 29, 2012 at 8:08 am

      For whatever it may be worth, you can use Google Authenticator if you have an Android device. Far as I can tell, it doesn't require any data connectivity and therefore there's no data to intercept along any transmission medium (cellular or WiFi).

  11. Scott
    August 28, 2012 at 11:12 pm

    I would *love* more email services to use 2FA, but so far only Gmail does, afaik. But Gmail's tech support and account recovery procedure can be such a nightmare to go through (at least according to 'testimonies' I've read online of people who have had their accounts compromised and needed to go through that grueling process), that I don't really feel all that much safer using Gmail + 2FA.

    2FA = Better preventative security, for sure. But I'd like to see a service that introduces 2FA *and* has better, more personal tech/customer support. Hushmail ? Polarismail ? EuMX.net ? MyOpera ?

    I wonder who will be the next email provider to implement 2FA ?.......

  12. GrrGrrr
    August 28, 2012 at 5:43 pm

    Thanks Tina, nice article.
    I use 2FA for online banking. It makes me feel secure and happy.
