Two-factor authentication might sound like a big, fancy, complex concept, but you’ve most likely been unwittingly using it for years.
Swipe a debit card and been asked for your PIN? Use a credit card and had to provide your ZIP code? Need a passcode to access your cellphone? Try to check your bank account online and have to confirm squares of street lights or a Swiss cottage?
That’s all two-factor authentication, and it’s one of the best ways around to simply add a layer of online security and keep your information safe from prying eyes — or algorithms. Having your login information fall into the wrong hands can create a disastrous situation for you. So, if you haven’t already, enable two-factor authentication for all your passwords — website, social media, other online app platforms or important memberships that contain personal data.
According to CNET, there are three basic types of authentication:
- Something you know. This could be a password, code, PIN, or any other answer to a question that, in theory, only you should know.
- Something you have. This would be your phone, credit or debit card, etc.
- Something you are. This is a biometric, such as your fingerprint, retina, face or voice.
Any log-in process you have that requires any two of those is, by definition, two-factor authentication.
More and more online applications and sites are offering two-factor authentication in order to make it more difficult for hackers to gain access to sensitive and potentially damaging information on you or your business. For clarity, The terms “two-step verification” and “multifactor authentication” refer to the same concept.
The most widely used form of two-factor authentication is entering your password, then receiving another one-time code via text message or an app.
Where’s the extra security there? A potential hacker would need to steal both your password and your phone in order to get into your account, as opposed to just breaking your password.
Given the choice between the two, we recommend that you use an authenticator app instead of a text message. Texts are easier to intercept, particularly if you sync your messages with a computer or tablet that a hacker could get into. And a phone authenticator would actually provide a third level of security: password, phone, and phone password. App authenticators also timeout after just a few seconds, making even more difficult for hacking attempts.
Google and Microsoft are among companies that offer third-party authenticator apps.
Two-factor authentication doesn’t make it impossible for your information to be hacked, but it does add another level of protection. It will make you less vulnerable during an actual attack, as well as making it less likely for a hacker to go after you, due to the extra work required to access your information.
One more thing to consider: using two-factor authentication is most definitely not an excuse to use a weak password. That would be a little bit like trading in your rottweiler for a pug just because you put a fence around your yard. Two levels of strong security are always better than any other one-level alternative.