How Two-Factor Authentication Protects Your Online Info

Amber Murakami-Fester
By Amber Murakami-Fester 
Updated
Edited by Zoran Basich

Many or all of the products featured here are from our partners who compensate us. This influences which products we write about and where and how the product appears on a page. However, this does not influence our evaluations. Our opinions are our own. Here is a list of our partners and here's how we make money.

Discover the bank accounts that fit your financial goals
Just answer a few questions to compare bank accounts that meet your needs.
MORE LIKE THISBanking

As the world goes fully digital, online information increasingly is under attack from scammers stealing people's personal information. A security feature known as two-factor authentication can keep your accounts safer and provide peace of mind.

What is two-factor authentication?

Two-factor authentication, also known as multifactor authentication and often abbreviated as 2FA, adds an extra layer of security when you log in to an account that contains personal or sensitive information; for example, when reviewing your checking account or savings account. Mobile phones are often used to add this extra layer.

Here's how it typically works:

When you log in to an account that has been set up for two-factor authentication, you log in with your user name and password as usual. Then there’s an additional step: You get a text message on your phone or an email with a one-time code that you must enter to complete the login. So even if the bad guys get their hands on your password, they still wouldn’t have access to your account.

Two-factor authentication can also use biometric information like fingerprints or face authentication. And there are other forms of two-factor authentication, such as security tokens that produce temporary codes. The idea is that login requires both something you know, like a password, and something you have, like a phone.

You might be using this process already. Some banks automatically require an extra step of authentication when you log in to your account from a new device or location or try to make a high-volume transaction. Other financial service providers may require you to opt into it by adjusting your security settings.

In addition to banking sites, two-factor authentication can be set up on shopping, social media, email, gaming and payment platform sites, among others.

⏰ Limited-time offer

SoFi Checking and Savings

SoFi Checking and Savings

SoFi Checking and Savings

NerdWallet rating

4.5

/5

Bonus

$400

Limited-time offer

Learn more

at SoFi Bank, N.A., Member FDIC

AD

sparkle-illustration

Don’t miss out on a bigger bonus

Get a NerdWallet-exclusive bonus of up to $400 when you open an account and hit $5,000 in direct deposits within 25 days after your first one. That’s $100 more than SoFi’s normal $300 bonus! Select "Learn More" to get started. Expires 4/22/24. Terms apply.

Theft of online info a growing problem

There’s no guarantee you won’t get hacked if you use two-factor authentication, but it’s less likely. Even if thieves have your password, they probably don’t have your phone.

The theft of online information is a big, and growing, problem. The Department of Justice estimates that 17.6 million Americans were victims of identity theft in 2014, and complaints to the Federal Trade Commission rose almost 70% from 2013 to 2015, to more than 490,000.

The Department of Homeland Security recommends that you place the strongest possible protections on your accounts, particularly if they hold sensitive information. That means for any account connected to your finances — banks and credit unions, peer-to-peer payment platforms like Venmo and anything that might hold credit or debit card information — the more secure, the better.

You can check online sites to find out if your financial institution offers 2FA. It’s also a good idea to go to your bank’s website or contact your bank directly, since information may change.

More security steps to take

If two-factor authentication isn’t available on a site, you can maximize your accounts' safety by following these other security tips. It’s a good idea to follow these rules regardless of whether your financial institution offers 2FA.

  • Create passwords using a combination of upper and lowercase letters, numbers and symbols.

  • Avoid using the same password for multiple sites, particularly for bank accounts and other sites that hold sensitive information.

  • Don’t access sensitive sites while your device is connected to public Wi-Fi.

  • Run updates on your mobile devices and apps to ensure you have the most up-to-date browsers and software to keep viruses out.

  • Read the fine print. Be choosy about which apps and services you give your information to, and know how they will use your information.

  • Delete old apps and accounts you don’t use.

On a similar note...

Find a better savings account

See NerdWallet's picks for the best high-yield online savings accounts.

⏰ Limited-time offer

AD
NerdWallet rating 

4.5

/5
SoFi Checking and Savings

at SoFi Bank, N.A., Member FDIC

APY

4.60%

With $0 min. balance for APY

Bonus

$400

Limited-time offer

Up to $300 cash and $100 in rewards points. Terms apply.

Get more smart money moves – straight to your inbox
Sign up and we’ll send you Nerdy articles about the money topics that matter most to you along with other ways to help you get more from your money.