If you spend any time online, you’ve probably heard about two-factor authentication. But what is TFA, and how can it protect your accounts from scammers?
Let’s dig a bit deeper into online security to help you shore up your accounts against hackers and scammers. Here’s everything you need to know about two-factor authentication!
Two-factor authentication, often abbreviated “TFA” or “2FA,” is a security feature available on most websites that use password login systems. When you enable two-factor authentication on your account, you set up a backup email address or phone number that you use to authenticate any new logins.
When a new device tries to log in to an account with TFA set up, the website will send an authentication code to the specified destination. This could be an email or a text message, though some authentication protocols use randomized, algorithmically-generated passwords, like Google Authenticator.
Picture this scenario: your password and username have been leaked to the internet by a data breach. This isn’t an uncommon scenario: every day, hackers break past the security of websites all around the world and leak sensitive information to the internet. If a hacker has your login credentials and you don’t use TFA, they’ll have access to your accounts in a matter of seconds.
If you’ve set up two-factor authentication, though, they’ll hit a brick wall. Without access to your phone or your authentication app, they’ll be unable to go further. This locks them away from your sensitive information and protects your accounts!
Of course, there are more steps you can take to be safer. For one thing, be wary of SIM swapping. This is a scam in which hackers set up their own phone device with your phone number to intercept two-factor authentication codes meant for your inbox. If you want to avoid this, tell your cell phone service provider to accept no outside calls to reset your number without the use of a four-digit PIN of your choosing.
Likewise, avoid using the same password across multiple accounts. Use a password manager to generate strong codes that no hacker could guess. On top of this, try to use authentication software when you can, instead of relying on text messages or emails. Algorithmically-generated authentication codes are the most reliable and secure way to keep criminals out of your accounts.