Protecting Your Accounts With 2-Factor Authentication

2-factor authentication (2FA), also known as “multi-factor authentication” (MFA) adds an extra layer of security on top of your password. It helps keeps other people out of your account. Currently, 2FA is the best defense against phishing attacks.

To learn about 2FA, you can watch this video, or just keep reading:

What is a security “factor”?

A factor, or “authenticator”, is something you use to prove you are who you say you are. It can be any of these three things:

  • Something you know (Examples: password, SSN)
  • Something you have (Examples: cell phone, security badge, USB key)
  • Something you are (Examples: fingerprint, Face ID)

2-factor authentication uses two different types of factors instead of one. In theory, it is harder for an attacker to steal two different types of factors than it is to steal just one.

Security questions entered after password do not count as 2-factor authentication, because both factors are the same type (something you know). An attacker could easily capture both.

You may hear 2FA called Multi-Factor Authentication (MFA) or 2-Step Verification. These terms all refer to the same principle.

Why should I care?

Attackers are trying to steal your valuable personal information by breaking into to your online accounts. By default, your accounts are only protected by passwords. If attackers capture your password, it’s like stealing the key to your house: Now they have access to all your stuff, including potential access to sensitive company stuff. With possession of your password, they don’t have to find ways to “break in” to your account, they can log right in.

Thankfully, 2-factor authentication isn’t hard to use. If you use online banking, or have an Apple ID, you have probably already used 2FA.

How does it work?

Step 1: Enter your password.

You log in with your password every time you access your account.

Step 2: Use your 2nd Factor.

Choose one. When you turn on 2FA, you will choose a 2nd factor to use with your account. Most commonly, this is a cell phone that can receive text messages.

Keep it with you. You will need to have your 2nd factor with you to log in to your account. You’re the only person with that object, so you’re the only one who can access your account.

If doing this every time sounds like a hassle, don’t worry: Most systems only require the 2nd factor the first time you log in on a new computer or once every 30-60 days.

2-Factor Authentication Summary

You should turn on 2-Step Verification for your most important online accounts, such as Google Workspace. This is the most effective way to protect your data from being phished or misused.

In the future, you may be required to enable 2-factor authentication for other critical systems. Protecting your email is the easiest first step!