You should be using two-factor authentication with your critical online accounts. It is one of the four steps we recommend taking in our security guide, because it is an easy way to drastically increase security.
Two-factor authentication means using something you know (your password) and something you have (usually your phone, which most people keep in reach at all times) to log into your account. When you log in to an account with two-factor authentication enabled, you will have to type in your password plus a code that is generated by an app or sent to you by text or email.
Since two-factor authentication means your account requires two pieces of information from two different sources (your brain or password manager plus your phone) to log in, a malicious hacker needs to do a lot more work than just stealing your password. It doesn’t make it impossible for someone to compromise your accounts; just a whole lot harder. That’s worth an extra step to log into your most critical accounts.
However, it’s not always obvious whether two-factor authentication is available. Some online apps and services hide it behind layers of options panels.
For a list of apps and services that offer two-factor authentication, see TwoFactorAuth.org, which has a pretty comprehensive and up-to-date list. It also links to the relevant page in each site’s documentation and has more information about which second factors are available. If it is not available, there are handy links to tweet a request for the company to step up its security game.
Featured image: “Happy young teenager girl showing victory sign” from Shutterstock.