We all worry about online security these days because so much of our lives are conducted on the internet. The war between hackers and security experts is ongoing, with no one side declaring victory yet. Luckily, we consumers have some smart security wonks on our side and they came up with a simple, almost foolproof, way of protecting your identity: Two-Factor Authentication (2FA) which has become the gold standard for online security. .
If a site has ever sent a code to your cell phone which you then input online, you’ve used 2FA already
What is the difference between two-factor authentication and two-step authentication?
Two-step authentication is when a site requires a password and a username. Passwords are notoriously insecure. Too many of us use the same passwords for years, and use easily guessable names, dates or numbers. 2FA ups the game by also requiring something only you possess, like your cellphone.
Why 2FA works
2FA authentication increases security by requiring two different forms of identification in order to access something. It requires not only something you know, like your password and username, but something you have, like your cell phone which can be sent a one-time code to authenticate your account. Unless a hacker has your cellphone 2FA is virtually foolproof.
2FA is not only for online sites. It’s used in other ways as well, such as withdrawing money from an ATM. Accessing your account requires both your ATM card and a PIN. Is 2FA really secure for bank accounts? This article will reassure you.
Even gas stations use 2FA to make sure your credit card isn’t stolen. You need both the card (something you possess) and something you know (your PIN or your zip code) to unlock the pump.
2FA is preferable to those senior-unfriendly security questions we all hate. How many of us can remember our first pet or elementary school’s name?
How to set up 2FA on all your devices
Setup for 2FA varies from device to device. In general you go to “settings” then select “security” and then the menu item for “two-step verification.” You can choose a cell phone or email notification for the code to be sent to.
Here’s how to enable 2FA on all your devices.
Here’s more good information about 2FA and setup advice.
Warning! 2FA is not foolproof
2FA can be “phished” or “spoofed” if you respond to a phony site’s request to log in. Hackers twist the site’s name slightly, like using LinkedIn.co instead of .com to trick you. This article explains how to protect yourself.