Turn on two-factor authentication

A good way to prevent other people from getting into your accounts is to use two-factor authentication. But what is two-factor authentication and where can you use it?

Two-factor authentication (2FA) adds an extra level of security when you log in. Most people log on to an online account by applying a username-password combination. Using 2FA adds a second layer of identity verification to strengthen your login protection.

What is two-factor authentication?

Why you should use 2FA

The problem with only relying on a username and password is that passwords aren’t very safe on their own. Passwords are often guessable (called a brute force attack) or they might have been stolen (from a phishing email or a virus on your machine).

It can be devastating when someone gains access to your account without your permission. They might use it to:

  • delete all of your photos or information,
  • email all of your contacts pretending to be you, or
  • use it to try and access other accounts.

Adding another level of security makes attackers work much harder to access your online information. Even if they know your password, with 2FA in place attackers still cannot gain access to your accounts.

Two-factor authentication as a security tool for business

How it works

To verify access to your online information, 2FA uses various forms of identification based on:

  • something you know:
    • personal identification number (PIN)
    • passphrase
  • something you have:
    • hardware (security tokens and fobs assigned to a computer user that generate access authentication codes or your phone, where you get a call back to press certain phone keys to grant access to an account)
    • software (applications like Google Authenticator which pushes notifications to your smartphone or will provide you with an access code or one-Time Password)
  • something you are:
    • retina/fingerprint scans and voice recognition (biometric data).

It’s possible to intercept verification codes via text. Using 2FA via text is much safer than not using 2FA. However, if there is a different method of 2FA available we recommend using that instead.

Where it works

You can use 2FA to authenticate access to most of your accounts, such as:

  • email accounts
  • social media networks
  • online banking
  • online shopping sites (such as PayPal).

You can also set up 2FA to access your devices – laptops, tablets, smartphones, and even some game consoles.

Like any security measure, 2FA is not infallible. Make sure you have a strong password and robust security settings.

Check if the system you use enables 2FA External Link

How to enable it

Online accounts often enable 2FA under your account or privacy settings. Some online services may not call it two-factor authentication. Instead, some will use the term two-step authentication or multi-factor authentication (MFA). Others, like PayPal, use the term security key.

Banking systems all enable their systems differently, to check how your bank uses 2FA look at the help section of your bank’s website.

Below are instructions on enabling 2FA on common social media and email accounts:

How to turn on 2FA on other global websites. External Link

Tips for using 2FA

  • Continue using strong password practices.
  • Look after your phone, device or hardware token and keep them safe.
  • If you receive a code and you weren’t trying to log into that account, change your password. Someone may have your password and is attempting to access your account.