Tech Made Simple

Hot Topics: How to Fix Bluetooth Pairing Problems | Complete Guide to Facebook Privacy | How to Block Spam Calls | Snapchat Symbol Meaning

We may earn commissions when you buy from links on our site. Why you can trust us.

author photo

Protect Your Online Accounts with Two-Factor Authentication Now!

by Elmer Montejo on March 28, 2017

We all know that a password that's tough to crack provides protection against unauthorized intrusion into your digital accounts, but what if your user name and password are stolen? Recently, a hacker group announced they have access to 250 million iCloud accounts (Apple IDs and passwords) and is threatening to wipe users' devices. Scary, right? But you can prevent it from happening by turning on two-factor authentication (here's how for your Apple ID). And it's not just Apple. Many companies now offer users the option to log in using two-factor authentication.

What is two-factor authentication?

Two-factor authentication (also known as 2-step verification) is a log-in process that requires users to prove that they are who they claim to be not once but twice. The required proofs usually combine two of the following:

  • Something known only to the user such as a password or PIN
  • Something that the user has to have in hand, such as an ATM card, smartphone or passcode generator key
  • Scans of some physical or biometric property of the user such as retinal scans, voice identification or fingerprints

If you cannot supply both the required proofs of your identity, the system will not authenticate you and you will not receive access.

Improved security

Because it uses not one but two security measures, two-factor authentication arguably provides tighter — though not absolute — security than password- or PIN-based systems. No matter how complex a password is, someone out there is smart enough to guess or steal it, often by electronic means or by social engineering techniques such as phishing.

But when two-factor authentication is in place, even intruders who know your password are barred from accessing your account if they cannot supply the other required proof. Think of it as a second lock on your door.

Where two-factor authentication is used

We’ve all seen movies where scientists develop some top-secret gadget in a heavily secured lab. Access to the lab is severely restricted with multi-factor verification mechanisms. A whitelisted scientist can enter the lab by undergoing a retinal scan, then by speaking to authenticate the voice print, then by typing a long passcode at a terminal with fingerprint-scanning buttons. Quite exaggerated, but that’s multi-factor authentication at its finest.

In the real world, some companies use two-factor authentication to restrict employee access to certain buildings or areas. Identification cards with embedded chips or magnetic strips allow employee to swipe or tap at security terminals and then key in a company-issued passcode. If both are correct and the worker has access privileges, the door will unlock.

Many online services use two-factor authentication. Most recently, Instagram made two-factor authentication to all of its users.

Google has been using two-step verification since 2011. When it's enabled for your account, a special code is sent to your phone whenever you log in to your account on a new device. Google also sends you an email notifying about the access on the new device.

Twitter activated two-step authentication in 2013, while Facebook’s version, known as Login Approvals, has been around since 2011. In late 2015, Amazon also rolled out its implementation of the method.

Other high-profile online services that have implemented some form of two-factor authentication include Apple, Microsoft, Steam, Yahoo, Xbox Live and Dropbox.

Online banking services also use two-factor authentication. One international bank, for example, combines password and token generation. Clients are given token generator devices for free. To log in, you enter your username, password and a random, unique token generated by the key. Another bank uses both passwords and a one-time passcode sent to the user’s phone via SMS.

To see a list of services that use two-factor authentication, visit Two Factor Auth.

Should you enable two-factor authentication?

Generally, you should enable two-factor authentication wherever it is available, especially for important and sensitive accounts such as online banking.

Consider the potential consequences of enabling two-factor authentication. For example, Amazon lets you receive the second passcode either via SMS text or voice call. You wouldn't be able to receive either of these when you're on an airplane, so if you plan to shop in the air, you'd have to switch to the authenticator app method before boarding the plane. We like Google Authticator (free for iOS and Android), which generates codes for any two-factor site.  You might also find yourself unable to use mobile phone authentication anywhere cellular coverage is spotty or nonexistent.

Familiarize yourself with the system's safety nets for occasions when the second factor is unavailable to you. For instance, if you lose your phone, does your service provider allow an alternate way for you to log in without your phone or provide a second phone number? One bank offers alternate access by supplying randomly requested characters of a second password defined previously by the user.

Some services let you turn off two-factor authentication for a device once it's been authenticated. We don't recommend doing this. 

Two-factor authentication can be a bit of an inconvenience, but that extra step will make you a less desirable target for those looking to steal your banking information, upload scandalous photos to your social network or read your confidential messages. The minor inconvenience is a small price to pay to keep your accounts secure.

[Image credit: two-factor authentication via BigStockPhoto]


Topics

Tips & How-Tos, Privacy


Discussion loading

gravatar

From rodger c. white on September 18, 2017 :: 6:32 pm


need more privacy a.s.a.p.

Reply

gravatar

From Epiphany Flakes on April 23, 2018 :: 4:20 am


Do not write me back in this email address someone hacked my phone got access to my gmail got into all my accounts got my social security number and made alot of accounts in my name gotten bank accounts bankcards i cant even get on my facebook they in my this is horrible coming from the real Epiphany Flakes!!!!!!!!!!!!

Reply

gravatar

From Joanne on August 20, 2019 :: 6:34 pm


Help a woman out!!!!!
I have an iPhone that’s been hacked by my neighbour… possibly my home network.. and he’s a F’in Cop… like wtf… how do I protect at least my iPhone from him snooping in on my personal shit…. what a nightmare!!!!
Do I just get rid of Apple devices all together?
What is this world coming too… such sick people with no lives
I need a hacker to hack them and give them a taste of their own medicine!
Signed
Just Sick

Reply

gravatar

From Samuel Chi on May 30, 2021 :: 1:52 am


I tried changing the password but he continued having access yes I used my number as an authentication method.

Reply

gravatar

From Josh Kirschner on June 01, 2021 :: 6:58 pm


Password to what? How do you know someone else has access.

Reply

gravatar

From Boris on October 20, 2021 :: 12:11 am


My msn account got hacked he changed the security settings so I can’t rest my password it goes to his phone number or his email

Reply

Home | About | Meet the Team | Contact Us
Media Kit | Newsletter Sponsorships | Licensing & Permissions
Accessibility Statement
Terms of Use | Privacy & Cookie Policy

Techlicious participates in affiliate programs, including the Amazon Services LLC Associates Program, which provide a small commission from some, but not all, of the "click-thru to buy" links contained in our articles. These click-thru links are determined after the article has been written, based on price and product availability — the commissions do not impact our choice of recommended product, nor the price you pay. When you use these links, you help support our ongoing editorial mission to provide you with the best product recommendations.

© Techlicious LLC.