Two-factor authentication

Two-factor authentication, often shortened to 2FA, is a hassle-free way to protect yourself from some of the most common forms of hacking. 

Two-factor authentication adds another step to the login process. So, instead of gaining access to a site or an account after entering your login name and password, you are prompted to request a one-use code that is sent to your email or phone via SMS. Increasingly, user platforms make this easy, transferring the code from text to the target site’s interface automatically. The bottom line is that 2FA adds another layer of protection, because a criminal needs more than something you know (your login and password). They also need something you already have or have access to: your smartphone or your email account. 

It’s a good idea to use 2FA whenever it’s available because passwords tend to be vulnerable, even if you choose ones that are not easy to guess or re-used to access multiple accounts. 

The reason 2FA may matter for you lies in a dirty little secret many of us keep from the world: We still tend to use and reuse passwords sometimes. A recent Google survey found that 65% of people admitted to using the same passwords across multiple accounts, and for the last seven years, “123456” has remained the most popular one people choose. 

Most cybercrime is simple–no complicated Hollywood-style montages. Hackers simply look up login/password combinations from other breaches and re-use them in your other accounts. 

With billions of poorly secured and vulnerable accounts accessible online, simply adding one more level of difficulty to access an account means you’re a harder target to hit. So, unless you’re directly in the crosshairs of a more sophisticated Hollywood-style hacking campaign or you happen to have access to extremely valuable data, enabling a text notification is probably enough to send hackers off in search of easier prey.


  • Two-factor authentication, sometimes called multi-factor authentication, is an easy and fast way to add an extra level of protection to an account.

  • Passwords are not the best way to secure an account, and should never be the only thing between a criminal and your most sensitive data.

  • Two-factor authentication isn’t foolproof and can be circumvented, but it does raise the relative difficulty of accessing another account before gaining access to a target.