Well, it sucks, but there are bad people who want to break into your accounts and steal your identity and money. I don’t want that to happen to you. This is one post in a series I’ll be writing on how to best protect yourself.
Today’s fun topic: two-factor authentication (2FA), or two-step verification (2SV).
First of all: there are technical differences between these, but we are going to consider them to be the same thing. When I say 2FA, you may be on a site that instead says 2SV. Doesn’t matter, for our purposes. Who cares. Not important.
You’re already likely familiar with 2FA. In its simplest form, when you sign into a website, you get a code messaged to your phone. You then enter that code, and proceed on your merry way. That code is considered to be the “second factor” or “second step.”
Because it’s a nuisance to have to enter that second code all the time on your own computer or phone, an app or website will usually have an option to remember that you’re you, so you only have to enter the additional code once in a while, or when signing in with a new device.
You definitely want to enable 2FA for any account that would be dangerous to have someone else access. So, if you’ve got an account at a clothing retailer, let’s say, it would certainly be inconvenient if it were broken into — you’d have to contact your bank and get your credit cards replaced and it would be annoying — but it’s not the end of the world.
But if someone breaks into your email or social media and misrepresents themselves as you, all hell can break loose. People you know, or you yourself, may be scammed out of thousands of dollars; your Facebook account you’ve used for 20 years can be shut down. And if someone gets into your financial accounts, that isn’t great either.
In general, the kinds of accounts you should ensure 2FA is enabled on include:
- Email (especially Google and Microsoft)
- Domain registrar
- Web host and DNS host (if different)
- Login for your own website (e.g. WordPress)
- Social media (e.g. Facebook, Instagram, TikTok, Twitter/X, Reddit)
- Apple ID
- Financial institution
- Cloud storage (e.g. Dropbox)
- Cloud backup (e.g. Backblaze)
- Cloud photo sharing sites
- Cloud business applications (such as a CRM or database)
Think about these, and make a list for yourself.
Naturally, every website you go to will have a different way to enable 2FA, usually somewhere within your account area. You’ll have to poke around.
You’ll also be given different options for what kind of 2FA you want to use. I’ll address that in a separate post. SMS (text message) is most common. It’s not the most bulletproof — but it’s a whole lot better than nothing, so if you’re not sure, choose that.
Google accounts sometimes won’t let you use SMS, even when you have it set up, so you will want a fallback. I’ll address that in a future post.
If you need help turning on 2FA on your sensitive accounts, please let us know and we’ll be happy to help you out.