Up Your Security: Turn On Two-Factor Authentication
You may think that if you always take care not to share personal information online and regularly update security settings across your accounts, turning on two-factor authentication is an unnecessary step. But the truth is that no matter how secure your passwords are or how well you keep your profiles private, there is always a risk of someone accessing your personal information.
Unfortunately, we continue to find this out the hard way. Between July 2017 and September 2018, attackers accessed personal data of more than 30 million Facebook users. Alphabet decided to shut down Google+ after the company discovered that a bug in one its APIs gave third-party apps access to private profile fields for more than two years. Uber even went as far as paying a ransom when hackers exposed the names, phone numbers, and email addresses of 57 million users in 2016.
Frighteningly, these aren’t the only multibillion dollar companies to experience data breaches this decade—British Airways, Equifax, FedEx, T-Mobile, Under Armour, and Yahoo are also on the list. These companies have financial access to the top cybersecurity experts in the world (at least in theory), and not even they can protect your data.
How can you keep malicious people out and your personal data secure?
The answer isn’t that easy, but you can start by enabling two-factor authentication on any service that offers it. While two-factor authentication doesn’t eliminate security vulnerabilities, it will help keep your personal information more secure. It adds an additional layer of security to make sure someone trying to access an online account is who they say they are.
A factor is one of three things: something you know (like a password), something you have (like a cell phone), or something you are (like a fingerprint). Two-factor authentication simply means two of those factors are required to gain entry into whatever you are trying to access.
Password + security question? Single factor. You know both of these things.
PIN + password? Still single. Again, you know both of these things.
Password + phone? Two factors. You know your password and you have your phone.
Personal Identity Verification (PIV) card + PIN? Two factors. You have your PIV and you know your pin.
Fingerprint scanner + PIN? Two factors.
Password + phone + fingerprint scanner? That’s multifactor authentication. You know your password, you have your phone, and you are your fingerprint.
One of the most common forms of two-factor authentication is the use of a password and your phone. For example, once you successfully enter your username and password, you are then prompted to verify you are who you say you are by entering some other piece of private information only available on your phone. This might be a code sent via text message or a frequently changing string of numbers on an authenticator app.
More and more companies are allowing users to enable two-factor authentication. There is a nifty site, twofactorauth.org, that keeps an updated list of all the services offering two-factor authentication. Consider taking the time to do the same to check it out—you may sleep better.