Over the last few months, we’ve covered how switching to Tipmont internet means you can keep all your current device passwords and how personal password managers can store all your passwords in a secure online vault. This month, we’re going to dive into two-factor authentication.
What is two-factor authentication (2FA)?
Think of 2FA as the deadbolt on your front door: It’s an added layer of security that requires you to provide two different factors that verify it’s really you logging in. In other words, it invokes something you know (your password) and something you have (your smartphone) or something you are (your fingerprint). Even if a criminal has your username and password, 2FA will prevent them from accessing your account via phishing and other scams.
There are four 2FA mechanisms:
- One-time password (OTP): A temporary code (usually a six-digit number) you receive by text or email. The code must be entered at the login before it expires.
- Physical token: A physical device near or plugged into your computer. This is the safest option, but carrying yet another device is inconvenient.
- Biometric: Your device recognizes a physiological factor such as a thumbprint or iris. Privacy concerns notwithstanding, many devices don’t have this capability.
- Authenticator app: An app on your mobile device generates a short OTP that resets every 60 seconds or so and is tied to your account. The authenticator app is often the best choice for combining security and convenience. Many of the best apps are free, including FreeOTP, Google Authenticator, and Microsoft Authenticator.
Tip
Never share an OTP with anyone, even if they sound and act like someone you know.
Enabling 2FA
Enabling 2FA is typically a quick process found in each account’s settings:
- Install an authenticator app on your device.
- Log into your account and go to account settings.
- Under account security, look for an option related to “Two-Factor Authentication” or “Two-Step Verification.”
- Choose your preferred 2FA method (e.g., authenticator app) and follow the subsequent setup instructions.
I strongly recommend enabling 2FA on any account that offers it, especially one with data that thieves want. This means banks and other financial organizations, email services, social media platforms, and anywhere you store a credit card.
Also, safely back up any codes the platform provides in case you lose access to your primary 2FA method. A new login process called passkeys combines passwords and 2FA, but it’s still in its infancy. Amazon, Google, and Apple offer passkeys if you’d like to try them out.