The 411 on Two-Factor Authentication

In an era in which online accounts can be cracked with sophisticated software or a hacker’s ingenuity, taking an extra step when you log in can give you miles in added protection — even when using “strong” passwords.

It’s called two-factor authentication (2FA), and it requires both something you know (like a password) and something you have (like a cellphone). Once it is enabled, after you successfully log in to an online account, you receive a code (usually four to seven digits) on your phone via text message. Only after entering that code, which is typically required for initial log-ins from a new or unrecognized device, can you access your account.
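For readers who run a site rather than just log in to one, here is the flow described above as a small server-side sketch in Python. It is an added example, not code from any of the services named in this article; the class name, the five-minute expiry, the five-attempt limit and the `send_sms` callable are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

CODE_DIGITS = 6     # the article says codes usually run four to seven digits
CODE_TTL = 300      # assumption: a code expires after five minutes
MAX_ATTEMPTS = 5    # assumption: five wrong guesses void the code

class SecondFactor:
    def __init__(self, send_sms, clock=time.time):
        self.send_sms = send_sms  # callable(phone, text), stands in for an SMS gateway
        self.clock = clock
        self.pending = {}         # user -> [code digest, expiry time, attempts left]
        self.trusted = set()      # (user, device_id) pairs that already passed the check

    @staticmethod
    def _digest(code):
        # Hash so compare_digest always sees equal-length bytes, whatever was typed.
        return hashlib.sha256(code.encode()).digest()

    def after_password_ok(self, user, phone, device_id):
        """Call only after the password was verified. True means a code was sent."""
        if (user, device_id) in self.trusted:
            return False          # recognized device: no second step
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self.pending[user] = [self._digest(code), self.clock() + CODE_TTL, MAX_ATTEMPTS]
        self.send_sms(phone, f"Your verification code is {code}")
        return True

    def verify(self, user, device_id, submitted):
        entry = self.pending.get(user)
        if entry is None:
            return False
        digest, expires_at, attempts_left = entry
        if self.clock() > expires_at or attempts_left <= 0:
            del self.pending[user]    # expired or guessed too often: start over
            return False
        if hmac.compare_digest(digest, self._digest(submitted)):
            del self.pending[user]    # a code works once
            self.trusted.add((user, device_id))
            return True
        entry[2] -= 1
        return False

if __name__ == "__main__":
    sf = SecondFactor(lambda phone, text: print(phone, text))
    print(sf.after_password_ok("alice", "+15555550100", "new-laptop"))
```

The expiry, the attempt limit and single use are what keep a short numeric code from being guessed or replayed.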

Why should you use it? Think of 2FA as a stronger alternative to old-school security questions — Where were you born? What’s the name of your high school? — whose answers can be gleaned by Web-savvy crooks. Also think of it as something you have long done, such as when you swipe your credit card and must authenticate the purchase by entering your zip code to buy gas or rent DVDs, or use a PIN number with your ATM card.


Certainly, 2FA (also known as two-step verification) isn’t a foolproof way to protect your online accounts, and it isn’t even universally available. But more websites now offer 2FA — including those of banks, investment firms, email providers, and cloud and backup storage services. If a site’s search box doesn’t turn up instructions for enabling 2FA (think financial institutions), it’s worth making a call. The how-to’s for some popular websites:

Google: Click here and then Get Started in the upper right. Enter your Google email and password (or just your password if you’re already logged in). Click the Start Setup button and add a phone number that’s not your Google Voice number to which Google can send the six-digit verification code.

Apple: Go to My Apple ID, select Manage Your Apple ID, and sign in. Select Password and Security. Under Two-Step Verification, select Get Started, and follow the on-screen instructions to register one or more devices.

Microsoft: Sign in to your Microsoft account. Under Password and security info, click Edit security info. Click Set up two-step verification, and follow the instructions. In addition to an email/text message option, Microsoft gives you the choice of installing the Microsoft account app on your phone, which will make authentication faster.

Facebook: After signing in, click on the upside-down triangle in the top-right corner, and choose Account Settings. Select Security and Log-in Approvals, and check the box that reads “Require a security code to access my account from unknown browsers.” A test code will be sent to your phone to approve the service.


Twitter: After you log in, click your profile picture and select Settings. Using the Twitter app from your phone, tap Me, then select the gear icon and Settings. Click Security and privacy, and select Send log-in verification requests to (your phone number). If you don’t have a number on file, add it under Mobile. Your phone will be sent a test code; click Yes to enroll in two-factor authentication. You’ll also receive a backup code should your phone be lost or stolen.

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and gain access to a network of experts, law enforcement and people in your community who will keep you up to date on the latest scams in your area.

Photo: artenot/iStock
