What Is Two Factor Authentication? Do I Need It?

Graphic by Nathaniel Blum

Staying safe in today’s digital world can be as simple as taking an extra security step when you log on to websites. Two-factor authentication (2FA) offers that added layer of protection by requiring you to include a specific code in your login process for a website or online service along with your username and password. 2FA is also referred to as two-step verification or two-step authentication.

How two-factor authentication works

The code is typically retrieved directly from an app or sent to a device (usually your phone via text) so you can then enter the code and access the site. Sometimes this code is only found by scanning a QR code using a specific service. Some 2FA processes require a physical USB security key instead, although those are primarily used in employment and high-level financial service situations.

Online services and devices that involve the use of sensitive information (credit card numbers, Social Security numbers, birthdates, connected security cameras, etc.) often offer two-factor authentication options. You can voluntarily enable 2FA on Google services like Gmail, but other sites require its use to maintain your account. There is no standard process across the internet; every website implements its own version of 2FA. Generally, if the site offers several services—such as Google’s suite of Gmail, Google Drive, Google Docs and other apps—one 2FA sign-in covers all offerings.

Why Two-Factor Authentication Is Important

Significant data breaches rose from fewer than 200 annually in 2005 to more than 1,500 in 2017, according to the Identity Theft Resource Center. That translates into more than 1 billion personal records accessed by hackers. Eighty percent of website users don’t change their password between the different sites they use, according to Statista. When hackers obtain usernames and passwords from one website, it may open the door to all your valuable online accounts. Check if your information may have been compromised in a breach.

Once they have your personal information, your savings, checking, credit card, investment, and/or loan accounts are at risk, potentially harming your credit rating with fraudulent unpaid accounts opened in your name. The extra layer of protection 2FA provides makes it much harder for a hacker to steal your information from one site and use it on another.

When should you enable 2FA?

A good rule of thumb is to simply use 2FA with any site or service that offers it. If you want to pick and choose, however, any account you have that involves access to your money and/or Social Security number should have 2FA enabled.

Beyond the obvious financial accounts (checking, savings, investment, etc.) you might use two-factor authentication for:

  • Online and mobile payment services like PayPal, Venmo, Apple Pay or Google Pay
  • Retail shopping accounts, including Amazon, eBay or Etsy
  • Online subscriptions of all kinds, such as gaming, television and music services
  • Password management accounts
  • Any government accounts that involve the use of your name, Social Security number and address

How do you set up two-factor authentication?

The process will vary depending upon the site or service you’re using. When offered, you will typically log into a service and use your smartphone to initially verify your identity through a link that has been emailed or texted to you. In some cases, you will type into a box a number that an authenticator app has sent you.

Some popular authentication services are Authy, Google Authenticator, Microsoft Authenticator and HDE OTP (for iOS users). These apps all ask you to scan a QR code associated with your account the first time you log in. After that, you are required to enter a numerical code automatically generated by the app each time you log in.

How secure is two-factor authentication?

Once you have 2FA set up, it’s important to always carefully review any authentication requests that are texted to you, since 2FA is not foolproof. For example, if you haven’t asked for access to a site and suddenly receive a random code, there could be someone just waiting for you to enter the code so they can gain entry to your account.

Stolen cell phones, too, can be a concern when you use apps to generate 2FA codes. A thief who has access to your phone can potentially use it to gain access to accounts, particularly those you use from your phone. You can thwart fraudsters from gaining access to your 2FA app by adding multiple security options to your mobile devices (such as fingerprint recognition plus a PIN code, for instance) that restrict phone use for anyone but you.

How to enable two-factor authentication for Apple

Two-factor authentication is available to users of iCloud and iTunes (until it phases out in fall 2019) who have at least one device that uses iOS or macOS.

To turn on 2FA for devices using iOS 10.3 or later, follow these steps:

  1. Open Settings > [your name] > Password & Security
  2. Tap “Turn On Two-Factor Authentication”
  3. Tap “Continue.”
  4. Enter and verify the phone number where you want to receive verification codes
  5. Tap “Next”
  6. Enter the verification code sent to your device
  7. Turn on the authentication

To turn on 2FA for devices using iOS 10.2 or earlier, follow these steps:

  1. Open Settings > iCloud
  2. Tap your Apple ID > “Password & Security”
  3. Tap “Turn On Two-Factor Authentication”
  4. Tap “Continue”
  5. Enter and verify the phone number where you want to receive verification codes
  6. Tap “Next”
  7. Enter the verification code sent to your device
  8. Turn on the authentication

Now that you know what two-factor authentication is, consider using it to keep your information safer when you use a website or online service.

Disclaimer: The above is solely intended for informational purposes and in no way constitutes legal advice or specific recommendations.
