In our last article we discussed how to create and manage secure passwords, however even with a secure password your account may be vulnerable due to a data breach which is out of your control. 2FA can prevent hackers from accessing your account even if they have your password.
How does it work?
Two-Factor Authentication (2FA) works by adding an additional layer of security to your account beyond your standard username and password. What makes it so secure is that the additional layer requires something that only you have access to.
Here’s a basic overview of how 2FA works.
In this example the user enters their username and password, a code is sent to their phone and once entered they can access their account. This is just one example of how 2FA works, there are actually many different methods of 2FA.
There’s a common misunderstanding that 2FA is complicated and that it will take a lot longer to get into your accounts, however it can actually be quite simple. These are some of the most common methods of 2FA with some notable pros and cons to help you decide which one will work best for you.
SMS / Call 2FA
SMS is the most commonly used method of 2FA which works by sending a secret one time code to the mobile number on your account. 2FA Via phone call works in the same way as SMS but instead of receiving a text message you receive an automated phone call with the code.
- Easy to set up and use
- Doesn’t require an app to work
- Relies on mobile reception
- Can be less secure in the case your phone is stolen or a hacker is able to clone your sim card or port your number.
Unlike SMS, this method requires the installation of an app such as Google Authenticator. It will link to your account and automatically generate codes that last for a limited amount of time. Think of an authenticator app like a password manager but for 2FA codes instead.
- Doesn’t rely on a mobile number
- Easy way to manage all of your 2FA in one place
- Relies on device security, if your phone is stolen it can be easily accessed.
- Requires an app and is a little bit more time consuming
Similar to SMS, push based 2FA works by sending a push notification with a Yes/No option to confirm whether it’s you accessing the account.
- Easy to set up and fast to use
- More secure and doesn’t require your mobile number
- Limited support, not all services offer push based 2FA.
- Requires working data/internet connection
Single Use/Backup Codes
Most sites will give you a set of single use codes for use in case you don’t have access to your phone. These codes are useful for when you are travelling or you don’t have a reliable connection. However, just like passwords these codes should be stored in a safe location and never shared with anyone.
How to enable 2FA
We strongly recommend enabling 2FA as it provides a really strong layer of security to your accounts and once it’s set up there’s really not much to it. Fortunately, most accounts these days have multiple options for enabling 2FA – these options generally live under the security section of your account settings.
We’ve put together a list of links on how to enable 2FA on some of the most popular services below:
Enable 2FA for Facebook
Enable 2FA for Instagram
Enable 2FA for Apple ID
Enable 2FA for Google Account
Enable 2FA for Microsoft Account
Enable 2FA for LinkedIn
Enable 2FA for WhatsApp
Enable 2FA for WordPress
We hope this article has helped you to understand how 2FA works and how you can get it working on your account. If you liked this article, consider subscribing to our newsletter for the latest updates.