Two-step verification and two-factor authentication (2FA) add an extra layer of security to accounts you access online, including email and bank accounts. You enter your username and password, but before you get in, you have to enter a second factor: two hoops to jump through.
If someone tries to reset your password and you have 2FA enabled, it’ll be much harder for them to gain access to your account. (It’s similar to needing both a PIN and a debit card to take cash out at an ATM, since it minimizes the damage from someone who might have access to your card, but not your PIN.)
The second factor you’ll need to prove your identity might be a numeric code sent to you via text message, or a code generated on a phone app like Google Authenticator. These codes may expire within a certain amount of time. Another example of a second factor is a security key such as a YubiKey, a small hardware device that can be plugged into the USB port of your computer and used to secure logins on some sites or accounts.
Action item: Set up two-step verification on your Gmail account, if you have one. The steps are listed here: https://www.google.com/landing/2step/. You can choose the method for the second level of identification by selecting phone calls, text messages, the Google Authenticator app, or a security key. Make sure to add backup phone numbers for Google to contact you in case you lose your phone, and to print out one-time-use backup codes and keep them in a safe place so you can use them if your phone is unavailable, like when you’re on a plane.
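To show why app-generated codes expire, here is an added example (not part of the original article) of the time-based one-time password scheme from RFC 6238 that authenticator apps such as Google Authenticator implement, together with the check a site runs on its side. It assumes the RFC defaults (HMAC-SHA1, 30-second steps, 6 digits); the function names are illustrative and the secret is the RFC's published test key, not a real one.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30  # seconds a code stays current (RFC 6238 default)


def key_from_base32(secret):
    """Decode the base32 secret shown at enrolment (spaces and case ignored)."""
    s = secret.replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))


def hotp(key, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(key, now, digits=6):
    """RFC 6238: the counter is the number of 30-second steps since the epoch."""
    return hotp(key, int(now) // STEP, digits)


def verify(key, submitted, now, last_used_step=-1, drift=1):
    """Return the matching time step, or None if the code is wrong, expired or reused.

    drift=1 tolerates one step of clock skew on either side. The caller stores
    the returned step and passes it back as last_used_step, so each code is
    accepted only once.
    """
    current = int(now) // STEP
    for step in range(current - drift, current + drift + 1):
        candidate = hotp(key, step).encode()
        if step > last_used_step and hmac.compare_digest(candidate, submitted.encode()):
            return step
    return None


if __name__ == "__main__":
    key = key_from_base32("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")  # RFC 6238 test key
    code = totp(key, 59)
    print("code at t=59:", code)
    print("accepted 30 s later:", verify(key, code, 89))
    print("accepted again after use:", verify(key, code, 89, last_used_step=1))
```

The phone and the site share only the secret and a clock, so a code that is intercepted stops working once its time window has passed or once the site has already accepted it.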
Bonus: Add 2FA to other accounts you care about if it is available. Your bank, project management software, retail accounts and social media accounts are good places to start. See http://twofactorauth.org for a list. You can even add 2FA to your WordPress site with tools including Clef (freemium) or iThemes Security Pro.
Yael Grauer is a freelance tech journalist covering online privacy and surveillance for WIRED, Forbes, Slate, and other publications. Find her at http://yaelwrites.com or on Twitter @yaelwrites, and check out her free ebook on staying safer online at https://yaelwrites.com/saferonline.pdf.