In a previous article, we talked about the nightmare of Dr. L, who experienced identity theft and an account hack that almost resulted in loss of all her bank account balances, phone and other personal data.
In the upcoming articles, I want to start discussing what Dr. L could have done differently to protect herself. Keep in mind that as the criminals become more and more sophisticated, you can never be 100-percent protected. But that doesn’t mean you shouldn’t do everything possible to protect yourself now!
While there are many ways to protect your data and online accounts, in my opinion, the best method is Two-Factor Authentication, or 2FA. Two-factor authentication (also sometimes called “two-step authentication”) is a way to increase security. Instead of just a password, there are two parts involved: Something that only you know, and something you have with you. The former is usually an existing password. The latter is some external object you own, such as a smartphone.
When logging into a site, after entering your password, the site will use one of two methods. Depending on how 2FA is set up, the site will either send your phone a text message with a code, or use an app on the phone (tied to the site) that generates a code. After the code is entered into the site, you’ll log in as usual. Some sites will allow you to check a box that makes the device “recognized,” so you don’t have to keep re-entering a code. However, I don’t recommend this as a lost or stolen phone would put you at risk. There are some custom apps, but one popular app used by many 2FA-using sites is Google Authenticator.
So, what are the reasons you would or would not do this?
On the plus side, since you need two separate items to log into a site (the password and a phone), and since you likely have the phone with you, security is increased considerably. Also, as many of you know, hackers use brute-force attempts to hack passwords; 2FA makes this very difficult, because a guessed password alone is no longer enough to log in.
On the minus side, some people aren’t comfortable giving out their phone numbers to sites, and without a phone number or app, 2FA isn’t really going to work well. Obviously, it’s inconvenient to have to wait for and enter a code every time you access a site, especially if you log on multiple times per day. Finally, if you lose your phone, you may be locked out of the site. Some sites deal with this by generating a set of emergency codes to keep stored or printed out. The codes are useful in case a smartphone isn’t available.
Despite the potential inconvenience, I highly recommend you enable 2FA for as many sites as possible. This would include credit card sites, banking, telephone, and utilities. In almost every case it’s free to do this, and you’ll sleep a lot better at night.