In today’s world, account security is a challenge. Even using password managers can only protect your accounts to a certain extent; hacking technology works far too often to crack passwords, exposing your information. Because of this, some people choose to use two-factor authentication (2FA), which secures your accounts beyond a username and password.
What Is Two-Factor Authentication?
Two-factor authentication, otherwise known as 2FA, is a security procedure that adds a second step to the standard log-in process. You have to verify yourself with your password and the code.
Typically, the extra verification happens via a numerical code sent to your phone with a quick call or text. You’ll receive the code and have to enter it onto the website or app that you’re looking to access. This proves that you are the owner of the account—unless a hacker had your personal cell phone, they couldn’t enter the right code sent to your phone, and therefore couldn’t log in to your account.
This isn’t the only method of 2FA, though. Some forms of two-factor authentication use physical security keys, and some use another form of personal identification, like a fingerprint. But because mobile phones are so accessible, texting or calling in a code has become the most common method.
This two-step verification doesn’t replace your username or password—entering that information is the first step! It simply gives your accounts more protection and lessens the chances that it can be hacked.
Trading Security for Convenience
To clarify, 2FA does make things a little more inconvenient for you. It takes a little bit longer to take the extra step, but remember, being secure isn't always the easiest or most convenient option. And hackers try to capitalize on you looking for more convenience (skipping two-factor, using the same password for every website, etc.). But in the long run, an extra layer of security is always going to be worth it even if it costs you a few extra seconds when logging in.
Think about it this way - when you go to the bank, you usually need a form of ID so the bank knows you are who you say you are. It should be no different when we access our accounts online. Our most important personal information kept on many of our online accounts. For example, if a hacker gets your passwords, they could:
- View all of your personal emails, contact information, photos, etc.
- Send phishing attacks to your contacts
- Steal your banking information
Find Two-Factor Authentication
Some websites and apps, especially banking apps, have two-factor authentication enabled by default. However, most other websites do not automatically enable it; you have to find it and enable it by yourself.
Benefits Of 2FA
Obviously, the biggest benefit of two-factor authentication is that your accounts are safer. You have a much lower chance of becoming victim to hackers who access accounts via the password route. For accounts that contain a lot of personal information, like banking data, you want that extra layer of security.
2FA via texts and phone codes can also serve as a sort of security alert all on its own. If your phone dings and you get a text containing a code for an Amazon log-in out of the blue, you’ve got a clue that something isn’t right with that account. You can go in and change your password. If you had kept single-factor authentication on, your account would already have been hacked, and you may have been none the wiser for weeks.
Two-factor authentication helps fight against identity theft and general fraud as well. From a business standpoint, it can save money on tech support and services. Fewer accounts compromised means less time and energy spent fixing accounts.
How To Enable 2FA
A lot of accounts that keep sensitive information will automatically use two-factor authentication. Banking apps and websites, for example, often will send a code to the user when they log on to their account as an added security measure. However, other accounts—like Apple’s Apple ID—only require a verification code when signing in with a new device.
If you’re wondering how to get 2FA all the time, it varies for each account. But usually, user can access 2FA or 2 step verification through their account settings under the security tab. You may have to enter a phone number to keep on file for calls or texts, but the process overall is rather simple.
Google Authenticator, a mobile security application based on two-factor authentication, can be used across many websites and devices. You can also use Google Authenticator through your Google account, in place of receiving text messages or calls. Some people like using an app better and believe that it's safer, since in theory, phone numbers can be hacked. Some authenticator apps even work without an Internet connection. Two-factor authentication through either method is safer than just single-factor authentication, so it’s up to each user to decide which method they’d rather use.
Authenticator apps work by generating a single-use code, which is then used to confirm you’re the user logging into your accounts. You have to link the websites to the app on your mobile device, but then the sites will generate keys which get saved to the authenticator app. The keys, typically displayed as QR codes, are time-based and can be scanned with the app and saved to your phone, usually within thirty seconds.
When you log in again to that website, you check the app for the code. If the access key code matches the website’s, then you’ll be successfully logged in, just like with an SMS message.
Drawbacks Of 2FA
From a security standpoint, there’s no drawbacks to switching over to two-factor authentication. But it does take more time to log in to your accounts. 2FA could be considered more inconvenient, as you have to use your app or enter in additional codes instead of just typing in your password.
However, remember that being secure isn’t always the easiest or more convenient option. Hackers rely on the fact that you’re going to slack off on your security; taking a few seconds and entering a code to log in with 2FA is worth it in the end.
Regardless of how secure your account may be, if the keepers of your account information are not secure, this could result in a data breach. For example, hackers can gain access to your data by hacking your bank's website. You can use the data breach check too to see if your information has been compromised.
How To Turn Off Two-Factor Authentication
Turning off two-factor authentication is just like turning it on. Again, each account will be different in terms of accessing two-factor authentication specifically, but most of the time, you can find it under your account settings. The "Security" tab will likely have the two-factor authentication option, and you can switch it off just like you switched it on.
For minor accounts that you're not worried about, you can probably take the risk and turn off two-factor authentication. But like we said above, it's an excellent layer of security to add onto any account that has sensitive information. Consider what information the account holds before switching off 2FA.