Two-Factor Authentication Protects Identity

Passwords get hacked all the time and then they get sold to online thieves. Cycling through long, hard-to-remember passwords helps slow down hackers, but two-factor authentication (2FA) stops them. 2FA requires a code as well as a password for login. The first factor is a password and the second is a unique code sent to a separate device.
Password-only access to an email account empowers online thieves. Phishing and spear-phishing attacks direct a user to a bogus login page for a trusted company with which the user has an account. The bogus page then steals every piece of information the user enters. A spear-phishing attack even allows the bad actor to have the email appear to come from one’s boss, colleague, client or friend. Without 2FA enabled, a password in the wrong hands gives cyber thieves everything they need to know.
2FA comes in three types. The first and most common is a six-digit code texted to a pre-registered cell phone number. Unless the SIM card is hacked, the email account is safe. (This assumes the mobile company's own security is sound.) Unfortunately, issues with the coverage area can slow down texts.
An authentication app, the second method for 2FA, is independent of the coverage area. Google offers one, as do Authy and Duo Mobile. The mobile app shows users the authentication code, which allows them to complete their logins. The only downside is that one can mistakenly enter the code into a phony website and have it stolen just like a password.
A security key is best. It is a small physical USB device, and prices start at $20. A reliable brand is YubiKey. Just make sure that the websites and browsers in question support keys.
To keep accounts safe, a USB security key, an authentication app, or a text gives the second line of defense beyond a password. If ever users find themselves locked out of an account (misplaced key or dead cell phone), they may use a set of backup codes provided by the website account or browser in question. The account holder keeps the numeric codes in hard copy for use when the second device is unavailable. 2FA keeps online accounts extra secure.