Two-factor authentication

Stay Smart Online recommends using two-factor authentication (2FA) whenever possible.

For example, 2FA combines something only you know, like a password or a PIN, with either:

  • something only you have access to—like a mobile device or an app, or
  • something only you are—like a fingerprint.

This second level of authentication is not new; however, it is gaining momentum as accounts are left vulnerable by weak or poorly secured passwords. A range of websites including Twitter, PayPal and WordPress offer an optional second factor in their log-on processes, and online banking sites have used 2FA for a long time.

Due to previous privacy concerns with some of these platforms, you may be hesitant to provide a mobile phone number or other details, but doing so will keep your account much safer.

Why is it important?

While 2FA adds one extra step to the login process, it provides a much stronger defence for your account. If your password is hacked and you have 2FA activated on your account, the hacker cannot gain access. They need both levels of authentication.

Having 2FA is not going to remove all risk; however, you are much harder to hack than those with only single-factor authentication. This makes you a much less attractive target and reduces your risk dramatically.

If you’re travelling or will not have access to your second level for a period of time, consider changing your second factor to something you will have access to, or obtain some single-use back-up codes. Do not turn 2FA off!

We recommend:

  • wherever possible, activate two-factor authentication
  • use strong passwords/passphrases and keep them safe
  • do not use the same passwords across multiple sites
  • use a password manager to keep track of all your passwords and login details

Check out which websites offer two-factor authentication here.

Read more on creating and managing passwords.