You should be using two-factor authentication with your critical online accounts. It is one of the four steps we recommend taking in our security guide, because it is an easy way to drastically increase security.

Two-factor authentication means using something you know (your password) and something you have (usually your phone, which most people keep in reach at all times) to log into your account. When you log in to an account with two-factor authentication enabled, you will have to type in your password plus a code that is generated by an app or sent to you by text or email.

Since two-factor authentication means your account requires two pieces of information from two different sources (your brain or password manager plus your phone) to log in, a malicious hacker needs to do a lot more work than just stealing your password. It doesn’t make it impossible for someone to compromise your accounts; just a whole lot harder. That’s worth an extra step to log into your most critical accounts.

However, it’s not always obvious whether two-factor authentication is available. Some online apps and services hide it behind layers of options panels.

For a list of apps and services that offer two-factor authentication, see, which has a pretty comprehensive and up-to-date list. It also links to the relevant page in each site’s documentation and has more information about which second factors are available. If it is not available, there are handy links to tweet a request for the company to step up its security game.



  1. Paul Spitz says:

    The most important factor for me is whether there’s an alternative to getting that plus-code by text message. I occasionally walk out the door without my cellphone, and I don’t want to have to drive 10 miles back to get it, then another 10 miles back to work, etc.

    • Sam Glover says:

      Someone else once objected that they didn’t want to use two-factor authentication because it was a burden to have to remember their phone. Really? I’ve forgotten my phone maybe twice in ten years.

      That said, any good two-factor authentication scheme will have backup codes you can use. Just write them down and tuck them into your wallet. You’ll be fine unless you forget that, too.

    • George Jacobson says:

      There are a lot of alternatives to text messages. For example, a very convenient solution is an OTP token in the form of a smart card, like this one – And you can also tuck it into your wallet.
