What Is Two-Factor Authentication, And Why You Should Use It

Fingerprint   What Is Two Factor Authentication, And Why You Should Use ItTwo-factor authentication (2FA) is a security method that requires two different ways of proving your identity. It is commonly used in everyday life. For example paying with a credit card not only requires the card, but also a PIN, a signature, or an ID. With 1FA becoming increasingly unreliable as a security measure, two-factor authentication is rapidly gaining importance for logging into online accounts.

Per default, almost all online accounts use password authentication, i.e. a one-factor authentication method. The problem with passwords is that they are easily hacked. A further problem is that many users still use one and the same password for all their accounts. While being a bit of a hassle, 2FA significantly increases security by asking for an additional authentication factor, thus making it much harder to hack an account.

What Exactly Is Two-Factor Authentication (2FA)

As mentioned in the introduction, 2FA is a login method. The two authentication factors can be one of the following:

  • Something you know, typically a password or the answer to a security question
  • Something you have, for example a security code sent to your mobile or an ATM card
  • Something you are, i.e. biometric data such as your fingerprints

Everyday examples where 2FA is employed are drawing money from the ATM (card + PIN), paying with a credit card (card + signature OR card + PIN OR card + security code), or entering a foreign country (passport + biometric data).

Sim Card and Lock   What Is Two Factor Authentication, And Why You Should Use It

Why You Should Use It

Imagine someone hacked into your email account. What kind of information would they gain access to?

Here is an idea: user names of other accounts, passwords to other accounts, alternative email addresses, personal data, personal photos, scanned documents, information about your friends, family, and other contacts, credit card numbers, bank account numbers, insurance numbers, anything else?

Would this information potentially help them to hack into some of your other accounts, for example Facebook? And at how many places have you logged in using your Facebook or another social media account?

Identity Theft   What Is Two Factor Authentication, And Why You Should Use It

When you think about it, you will find that most of your online accounts are interlinked. Hacking one of them probably gives a smart person access to several other of your accounts. In other words, if someone manages to hack into one of your key accounts, your identity has practically been stolen and the potential consequences are madness.

Where You Should Use It

Ideally, you should use 2FA for all accounts where you store any type of personal information, as well as accounts that have payment information linked to them. This includes, but is not limited to:

  • email account/s
  • Facebook and similar social media accounts
  • online banking
  • online payment accounts
  • online shopping accounts
  • any type of cloud storage service
  • online gaming accounts

Unfortunately, not all online accounts or services offer 2FA or are clear about it. Often, it’s a matter of poking around their website to find additional security options.

Login Window   What Is Two Factor Authentication, And Why You Should Use It

Two key online services that do offer 2FA and for which you should definitely enable it are Facebook (login approvals) and Google (2-step verification). You can read more about their respective 2FA features here:

Conclusion

2FA is an indispensable security measure for your key online accounts, such as email, banking, or social networking. While two-factor authentication doesn’t mean your accounts are immune to attacks, it does make your accounts more resilient as a hacker needs to crack more than a simple password. Whether or not a second authentication factor is worth the hassle depends on the account and what type of information is stored in it.

Where are you using two-factor authentication and do you think it’s worth the hassle?

Additional Reading

How To Create A Security Question That No One Else Can Guess

How To Use Facebook Login Approvals & Code Generator [Android]

Get Secure: 5 Firefox Addons For Serious Password Management

Image credits: Fingerprint via Shutterstock, SIM Card and Lock via Shutterstock, Identity Theft via Shutterstock, Login Windows via Shutterstock

The comments were closed because the article is more than 180 days old.

If you have any questions related to what's mentioned in the article or need help with any computer issue, ask it on MakeUseOf Answers—We and our community will be more than happy to help.

15 Comments -

0 votes

GrrGrrr

Thanks Tina, nice article.
I use 2FA for online banking. It makes me feel secure and happy.

0 votes

Scott

I would *love* more email services to use 2FA, but so far only Gmail does, afaik. But Gmail’s tech support and account recovery procedure can be such a nightmare to go through (at least according to ‘testimonies’ I’ve read online of people who have had their accounts compromised and needed to go through that grueling process), that I don’t really feel all that much safer using Gmail + 2FA.

2FA = Better preventative security, for sure. But I’d like to see a service that introduces 2FA *and* has better, more personal tech/customer support. Hushmail ? Polarismail ? EuMX.net ? MyOpera ?

I wonder who will be the next email provider to implement 2FA ?…….

0 votes

venkatp16

Good one..

Gmail sends code to your mobile in process of 2FA.. hackers have crossed a mile and they are even sniffing the mobile network. If any service is compromised and they have my mobile number can’t they hack that also. How far is this is secure?

0 votes

Daniel Escasa

For whatever it may be worth, you can use Google Authenticator if you have an Android device. Far as I can tell, it doesn’t require any data connectivity and therefore there’s no data to intercept along any transmission medium (cellular or WiFi).

0 votes

Ruben Marrero

I use 2FA for email, facebook, banking

0 votes

Patricia

Dropbox is now offering this as well

0 votes

Tina

Thanks for the update, Patricia!

0 votes

xbalesx

Tina, thanks for the article and info. I have implemented 2fa on a handful of sites after reading this. It is much appreciated.

0 votes

Tina

Glad to hear I made a difference! :)

0 votes

anthonymonori

I use 2FA wherever I can. I take security very seriously. Good article, it should be a must-read for everybody on the internet.

0 votes

Joboy

I can’t seem to find the “Login Approvals” tab on my Facebook Account Settings…

0 votes

Joro

Joboy go to your Profile Settings in Facebook. Then click on the Security tab ( the second button from top to bottom on the left column ) And in the new opened page activate the 4th option Login Aprrove :)
About the article … Of course it is necessary to have such security measures for your online account. It doesnt matter what information you have stored in your account, you should activate such verification methods to be sure that only YOU can log in to these websites. I have activated 2FA for my gmail, fb, and i would like to see every page on the net with such verifications …

0 votes

Abdullah Sorathia

2FA give reliable security..

0 votes

Bishal Mahat

nice knowledge giving article

0 votes

Howard from Space

I use Two-Factor Authentication across a lot of my accounts. I feel a lot more secure when I can telesign into my account. If you have that option available to you use it, it is worth the time and effort to have the confidence that your account won’t get hacked and your sites are not up for grabs. If you opt into 2FA, you will have to “Confirm your phone”. You would receive a text message with a specific code to be entered into the system. If you don’t want to do this every single time, you can designate your smartphone, PC, or tablet as a trusted device and they will allow you to telesign in without the text code. Should an attempt to login from an unrecognized device happen, it would not be allowed.