Two-Factor Authentication: A Simple Step for Extra Security
Imagine that you're shopping at computer store and you present a credit card for payment. The cashier looks at you and asks, "do you have a photo I.D.? "
Even though it might seem a bit inconvenient to dig into your wallet or purse again to get a driver's license or school I.D., it's not too upsetting a request for most people because they know the cashier is taking an extra step to make sure the credit card belongs to them.
After all, no one else has the authority to use it except you. So, when the name on your ID matches the name on the credit card, and the photo on the ID looks like you, the cashier feels safe finishing the transaction.
You should too, because that extra step of precaution protects your identity and money.
That's the idea behind a security step known as two-factor authentication (2FA) in the online world. It's being used on all types of websites—from LinkedIn to Twitter and more—and all types of transactions (email, social media, transactions) all designed to protect your identity.
On many websites (Google, Outlook.com) the security step is called two-step verification, but it's the same thing: A changeup in the normal routine of logging in or managing accounts that adds a layer of security.
The whole point of 2FA is simple: to trip up a hacker or anyone with bad intentions who might try to hack into your accounts.
Whatever any website calls it, it's up to you to...
- Learn about it
- Find out which of your most-used online accounts and websites offer it
- Decide if you want to take advantage of it
- Implement it as often as you can
2FA. What it is and how it works.
Factor One. The normal routine. When you open an online account, whether it's an email account or retail account, you start by creating a username and password. From then on, that's all you need to access your account, whether to make transactions, change passwords, add account numbers, etc.
The password being the more important of the two, of course, because a username alone isn't enough to impersonate a user. But even a strong password doesn't always mean you're safe.
Passwords can be violated, discovered or revealed, even guessed by hackers. It happens all the time:
- In 2016 Yahoo announced that more than a billion customer accounts had been hacked. Also, LinkedIn and Twitter have both been attacked by hackers. You see the news: No online website and company is hacker foolproof.
The dangers of too little protection.
When an online thief steals your password, they could lock you out of your accounts—and that's just for starters, because they could also...
- Read and view all your emails, contacts, photos, etc.
- Delete all your contacts, emails, etc.
- Send unwanted or harmful emails to your contacts
- Take steps to change or reset passwords for bank accounts, store accounts, etc.
Factor Two. "Before you can proceed..." When a website has 2FA in place—and if you have activated/implemented the feature—you must clear one more hurdle before getting access to your account.
- Or to put it in perspective, an imposter trying to access your account would have one more hurdle to clear before they could bust log into your account.
- And it's a hurdle that would most stop them in their tracks.
Here's how Google explains it to its customers.
Who doesn't use Google? Here's what they will tell you, in their words.
Protect your account with 2-Step Verification!
Each time you sign in to your Google Account, you'll need your password and a verification code.
Signing in to your account will work a little differently: You'll enter your password. Whenever you sign in to Google, you'll enter your password as usual.
You'll be asked for something else. Then, a code will be sent to your phone via text, voice call, or our mobile app. Or, if you have a Security Key, you can insert it into your computer's USB port.
That's how two-factor authentication/two-step verification works on almost all websites.
For example, if you go on your laptop to change the password for your Outlook email account, you'll first get a prompt asking you to enter the last 4-digits of your cellphone number. (You will have already registered a cellphone number with on Outlook for this very reason.)
When you enter and "send" the digits, you will immediately receive a text message that contains a code number, which you'll need to complete the action.
2FA protects your interests. Find it and use it.
As mentioned earlier, it's up to you to discover which websites offer two-factor authorization.
Recently, an active LinkedIn user discovered by accident that LinkedIn provides the option of adding two-factor authorization to their accounts. The LinkedIn customer was surprised he never knew about it before.
"It bothers me a little that LinkedIn, Google and Twitter each have two-factor authorization, and have for a while, and yet I never knew it. With all the hacks in the news, you'd think they'd make more noise about it."