What is it?
Two Factor Authentication (often called 2FA) refers to supplementing your password with another means of confirming that you are who you say you are.
On services that use Two Factor Authentication, you’ll be asked for your username, password and a token. The token must be generated by something unrelated to the service you’re accessing. Modern 2FA is usually handled by an app on your phone.
Why use it?
It’s extremely strong authentication, since an attacker not only has to establish your ID and password, but also steal your mobile phone, AND have a way to access it (since it will be fingerprint or PIN protected). Very unlikely!
It’s also reasonably convenient. Most websites will allow you to “trust” the device which you are logging in from, thereby bypassing the 2FA requirement on subsequent logins, sometimes for up to three months, depending on the service.
Options
The most popular method to get 2FA is Google’s Authenticator app. Download it for iOS and Android.
Some websites, such as Twitter, use their own mechanism, usually based on you giving the site a valid mobile number, to which they then send the second factor via a text message. While the end result is similar to Google Authenticator, this method has two disadvantages:
- You have to give the site in question your mobile number. This may not be desirable.
- You have to have a useful mobile signal to receive the text. Depending on where you are, this could be an issue.
Where can we use it?
Many key sites now support 2FA. At the absolute minimum, you should apply 2FA to your email account, whether that’s Gmail, Yahoo or Outlook (Hotmail), since if hackers gain access to this, they can use it to reset the password on any of your other accounts, simply by clicking on the “forgot password” link!
Here are some other sites you should consider for 2FA:
And for an extensive and searchable list, use this excellent resource: https://twofactorauth.org/
In summary – if there’s an option to use 2FA, use it!