We explain what two-factor authentication is, how it works and why we recommend using it whenever possible.
Nearly everyone will be fully aware of the typical process of logging into an online account. You go to the website’s login page, type in your username or email address, and then you type in your password. Click Login and voila, you’ve logged into your account.
This simple process that we’ve all completed numerous times is called SFA. That stands for single-factor authentication. It means that the only level of security involved in the process is the password.
While this process was once upon a time considered relatively secure, times have changed. There are a number of different methods a crook can obtain your password, including malware, phishing emails, credential stuffing attacks following data breaches, social engineering schemes, brute force attacks and unsecure Wi-Fi. Your password is not as secure as it used to be. Relying on it as a barrier to keep cyber crooks out of your important online accounts isn’t sufficient. You need an extra layer of security. And that is two-factor authentication (2FA.)
What is Two-Factor Authentication?
Two-factor authentication is a feature offered by many online services (including Facebook, PayPal, eBay, banks, webmail accounts) which offers your account an extra layer of security. So if a crook does get their hands on your account password, this doesn’t provide access to your online account.
Most two-factor authentication methods only require you to use this extra layer of security once per device. Once you’ve done it on a device, the website assumes this is a trusted device and doesn’t require you to complete the extra step every time you login.
Types of Two-Factor Authentication
What that extra layer of security is depends on what 2FA option you choose. Many websites have different choices. The three most popular options are SMS codes, push notifications and using an authenticator app.
When setting up this method you will need to give your phone number to the website. This is because the extra layer of security will come in the form of a PIN code that is texted to your phone via SMS. So you’ll need both your password and the PIN code to login.
This option is popular with services like Google, where you will likely be logged into multiple devices at once, such as your phone, tablet and PC. A push notification will send a notification to a second trusted device that you’re logged into, asking you to confirm that it is you trying to login on the first device. So to login you’ll need your account password and a trusted device you’re already logged in to.
Third party authenticator apps on a smartphone can automatically generate PIN codes every few seconds, so when you login, you just need to open the authenticator app and type in the PIN that is currently being displayed. So to login, you’ll need your password and your smartphone with the authenticator app installed.
There are other types of two-factor authentication options, though these are less popular and only supported by a smaller number of sites. Most notably this can include physical USB keys that need to be plugged into a device for it to login successfully.
Sponsored Content. Continued below...
Is Two-Factor Authentication recommended?
If a website or service you use has a two-factor authentication option enabled, we strongly recommend using it. Two-Factor Authentication is an effective and simple solution to keep your accounts safe from the majority of Internet scams.
The reality is that in today’s climate, a password is no longer adequate by itself to protect online accounts. Even if you do follow good security habits, data breaches and software vulnerabilities could still give crooks information about you that they shouldn’t have, and targeting phishing scams are becoming more and more convincing each and every day.
From our experience, the vast majority of cyber intrusions involving compromised online accounts would have been stopped in their tracks has the account owner enabled Two-Factor Authentication.