As the world goes fully digital, online information increasingly is under attack from scammers stealing people's personal information. A security feature known as two-factor authentication can keep your accounts safer and provide peace of mind.
What is two-factor authentication?
Two-factor authentication, also known as multifactor authentication and often abbreviated as 2FA, adds an extra layer of security when you log in to an account that contains personal or sensitive information; for example, when reviewing your checking account or savings account. Mobile phones are often used to add this extra layer.
Here's how it typically works:
When you log in to an account that has been set up for two-factor authentication, you log in with your user name and password as usual. Then there’s an additional step: You get a text message on your phone or an email with a one-time code that you must enter to complete the login. So even if the bad guys get their hands on your password, they still wouldn’t have access to your account.
Two-factor authentication can also use biometric information like fingerprints or face authentication. And there are other forms of two-factor authentication, such as security tokens that produce temporary codes. The idea is that login requires both something you know, like a password, and something you have, like a phone.
You might be using this process already. Some banks automatically require an extra step of authentication when you log in to your account from a new device or location or try to make a high-volume transaction. Other financial service providers may require you to opt into it by adjusting your security settings.
In addition to banking sites, two-factor authentication can be set up on shopping, social media, email, gaming and payment platform sites, among others.
>> MORE: How to send money online
Theft of online info a growing problem
There’s no guarantee you won’t get hacked if you use two-factor authentication, but it’s less likely. Even if thieves have your password, they probably don’t have your phone.
The theft of online information is a big, and growing, problem. The Department of Justice estimates that 17.6 million Americans were victims of identity theft in 2014, and complaints to the Federal Trade Commission rose almost 70% from 2013 to 2015, to more than 490,000.
The Department of Homeland Security recommends that you place the strongest possible protections on your accounts, particularly if they hold sensitive information. That means for any account connected to your finances — banks and credit unions, peer-to-peer payment platforms like Venmo and anything that might hold credit or debit card information — the more secure, the better.
You can check online sites to find out if your financial institution offers 2FA. It’s also a good idea to go to your bank’s website or contact your bank directly, since information may change.
More security steps to take
If two-factor authentication isn’t available on a site, you can maximize your accounts' safety by following these other security tips. It’s a good idea to follow these rules regardless of whether your financial institution offers 2FA.
Create passwords using a combination of upper and lowercase letters, numbers and symbols.
Avoid using the same password for multiple sites, particularly for bank accounts and other sites that hold sensitive information.
Don’t access sensitive sites while your device is connected to public Wi-Fi.
Run updates on your mobile devices and apps to ensure you have the most up-to-date browsers and software to keep viruses out.
Read the fine print. Be choosy about which apps and services you give your information to, and know how they will use your information.
Delete old apps and accounts you don’t use.