I’ve talked a lot about online security here because I believe it’s an important topic but also because of how relevant it continues to be. But there’s a hard truth to face: choosing strong passwords and maintaining good privacy habits is now considered the absolute bare minimum in terms of practicing good online security. There’s something else that you can and should be doing to keep yourself protected from hackers, bad actors, corporate slip-ups, and massive data breaches. Specifically, employing two-factor authentication in combination with your good password/privacy habits can drastically reduce your chances of being affected by such mishaps.
Two-factor authentication (2FA) is exactly what it sounds like – the requirement of having at least two different forms of identification (i.e. factors) to verify your identity. This most commonly involves two (or more) of the following:
Knowledge factor: Something a user knows, like a password or security question.
Possession factor: Something a user has, like a smartphone or an ID card.
Inherence factor: Something a user is, like a fingerprint or facial recognition.
The idea behind 2FA is that, while it’s possible to either acquire or bypass one of these factors, it becomes exponentially more difficult to bypass each additional factor that’s in place. You can think of each factor as a different moat surrounding a castle, except that while the first moat is just filled with water, the second moat is filled with spikes on fire, and the third is (probably) filled with sharks with laser beams attached to their heads. Even if an enemy could surmount the first moat, the second and third moats each require separate, more difficult tactics to cross, and thus make it less desirable for most attackers to even try.
Most 2FA implementations require use of a verified email account to receive sign-in codes or temporary passwords in addition to the base login information. Certain service providers also offer authentication apps for smartphones that can receive push notifications to help simplify the process without needing any additional codes at all. The effectiveness of 2FA can certainly be seen in how the tech giants have embraced it; both Google and Microsoft now require the use of 2FA for their users and their employees. In fact, Google and Microsoft have both reported that use of 2FA has essentially eliminated the threat of account takeover for their respective employees.
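The email sign-in code flow described above, as an added example rather than any provider's actual code: the password is checked first, then a one-time code sent to the verified address must be returned before it expires. The class and function names, the five-minute lifetime and the five-guess limit are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 300        # seconds a sign-in code stays valid (assumed value)
MAX_ATTEMPTS = 5      # wrong guesses allowed before the code is voided (assumed value)

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class TwoFactorLogin:
    def __init__(self, send_email):
        self.send_email = send_email   # callable(address, code); mail delivery is out of scope
        self.users = {}                # username -> (salt, password hash, verified email)
        self.pending = {}              # username -> [code digest, expiry, attempts left]

    def register(self, username, password, email):
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, hash_password(password, salt), email)

    def start_login(self, username, password, now=None):
        """Factor 1 (knowledge): check the password, then email a one-time code."""
        now = time.time() if now is None else now
        user = self.users.get(username)
        if user is None:
            return False
        salt, stored, email = user
        if not hmac.compare_digest(stored, hash_password(password, salt)):
            return False
        code = f"{secrets.randbelow(10**6):06d}"          # CSPRNG, not random.random()
        digest = hashlib.sha256(code.encode()).digest()   # keep only a digest server-side
        self.pending[username] = [digest, now + CODE_TTL, MAX_ATTEMPTS]
        self.send_email(email, code)
        return True

    def finish_login(self, username, code, now=None):
        """Factor 2 (possession of the mailbox): check the emailed code."""
        now = time.time() if now is None else now
        entry = self.pending.get(username)
        if entry is None:
            return False
        digest, expiry, attempts = entry
        if now > expiry or attempts <= 0:                 # expired or guessed too often
            del self.pending[username]
            return False
        entry[2] -= 1                                     # count this attempt
        if not hmac.compare_digest(digest, hashlib.sha256(code.encode()).digest()):
            return False
        del self.pending[username]                        # single use: cannot be replayed
        return True
```

A stolen password alone gets an attacker through `start_login` but not `finish_login`, which is the whole point of the second factor.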
So the real question is: why haven’t more people embraced 2FA? A study from December 2023 showed that only about half of all internet users had adopted the use of 2FA. While this is up from the one-third of all internet users shown in a similar study done in 2017, it’s still shockingly low. The 2017 study showed that the most common reasons why users hadn’t adopted 2FA were inconvenience and complexity in setup. However, today, nearly eight years later, setting up 2FA can be as simple as installing an app and entering a confirmation code. The sticking point for most people, it seems, is still the inconvenience of pulling up an app or their email and retrieving a code after they’ve already put in their password.
While I understand the resistance, as far as hurdles go, I’d argue it’s relatively small. Suffice it to say, if any of your online login accounts support 2FA, I’d strongly recommend taking advantage of it. A little inconvenience is a small price to pay for such a vast improvement in online security.