And sad truth is, there’s not a lot we can do about it. Whether we like it or not, our information is out there, and as much as the companies that have it try, it’s almost impossible to keep completely safe.
But that doesn’t mean there’s NOTHING we can do.
On our end, there are some basic steps we can take to work toward keeping our online information a bit safer.
I cover these in more detail in my article, “My 2017 Internet Safety Suggestions“, but here are the key points about keeping online information safe:
- Use strong passwords
- Use different passwords for each of your online accounts
- Only enter private information on web pages that are secure
- Never click a link in an email that seems to be from a financial institution (go there directly yourself)
- Use two-factor authentication, when it’s available
It’s the last point about using two-factor authentication, that I want to talk about here.
What is Two-Factor Authentication
In the traditional online world, most sites that require you to login only ask that you enter a simple username (often your email address) and a password.
In this case, your password is the only factor of authentication (i.e. this is One-Factor Authentication).
This simple way of verifying that it’s you logging in, and not someone else, has become pretty easy for online criminals to circumvent. This is especially true if you’re someone who does not use a “strong password”.
Two-Factor Authentication (which is also called TFA, two-step verification, or 2FA) is an extra layer of security that some web sites provide, where you not only enter a password, but then also provide the site with another piece of information (a second authentication factor) that only you could know or have at that moment.
That second authentication factor might be…
- Knowledge – something that you know, such as another password, PIN number, or answer to a personal question
- An Item – something you have with you, such as an ID card, a Smart Card with a security token, or a Smartphone.
- A Biometric – something that is part of you, such as a fingerprint, voice recognition, facial recognition, etc.
Keep in mind that TRUE two-factor authentication means that the two factors you are providing the site are DIFFERENT factors.
For example, having to give your password (knowledge) and a PIN number (knowledge) is still only one-factor authentication.
Who Offers Two-Factor Authentication?
In order to use two-factor authentication to log into a site, that site must offer it.
The good new is, most of the popular places you log into, do offer two-factor authentication, including…
- Google (Gmail and their other services)
- Apple (iCloud and their other services)
- PayPal (at least in the U.S.)
- eBay (at least in the U.S.)
There’s a great web site that keeps an updated listing of all the sites offering two-factor authentication.
Common Examples of Two-Factor Authentication
Although the type of two-factor authentication that sites offer will vary, here is an example of the typical steps you would take to login, once you have two-factor authentication setup…
Step One – You visit the site login page, and enter your username and password (authentication one – knowledge)
Step Two – You perform the second authentication (an item) by doing one of the following…
- Example 1 – The site sends you a text message on your phone with a code number you must enter on the screen
- Example 2 – The site calls your cell phone or landline phone and a voice tells you a code you must enter on the screen
- Example 3 – You have an app on your smartphone (such as the Google Authenticator) that generates a code you enter on the screen
- Example 4 – You insert a special USB security key device into a USB port on your computer
Again, which second authentication factor you use will depend upon what the site supports.
How to get started
To get started with two-factor authentication, you’ll want to visit the sites you most commonly log into (such as Facebook, PayPal, your bank, etc.) and check to see if they offer it.
As I mentioned earlier, you can also visit TwoFactorAuth.org to see if your favorite site is listed, and get more information on how to setup two-factor authorization.
If you’re interested in reading even more about two-factor authentication, here are some online articles worth checking out…
- CNet: Two-factor authentication, what you need to know FAQ
- PC Magazine: Two-Factor Authentication, Who has it and how to setup it up
- The Verge: How to setup two-factor authentication on all your online accounts
- TechTarget: Two-Factor Authentication (2FA)
- Intego Mac Security Blog: Two-Factor Authentication, How it works and why you should use it
- Apple: Two-factor authentication for Apple ID