By Jocelyn Baird, NextAdvisor.com
By now, most people are aware of the importance of creating strong, unique passwords for all of their online accounts. If you aren't already practicing smart password habits, you certainly should. With websites of all kinds being hacked daily and scammers spamming people's inboxes with phishing attempts, vigilance online is absolutely necessary if you want to keep your accounts secure. Fortunately, web developers have beefed up security on many sites by adding something known as two-factor authentication which adds an extra barrier to prevent a would-be hacker from accessing your account. With such a helpful defense available, it's important to understand what two-factor authentication is and why you should be using it.
How does two-factor authentication work?
Not a new technology -- it was first patented in 1984 -- two-factor authentication (sometimes referred to as two-factor verification or two-step verification) combines two different components to prove a person's identity when attempting to access an account. A real-world example is withdrawing cash from an ATM, because you provide your bank card along with a PIN that only you know. When used online, two-factor authentication typically involves your account password followed by a unique, randomly generated code which is sent to you by e-mail, text message or a phone call. Some websites will also require users to answer a security question, such as their first grade teacher's last name, and others will place a call to the user's cell phone to prove it's really them attempting to log in.
The benefit of two-factor authentication is that even if someone manages to get your password, if they aren't also in possession of your cell phone or whatever else is required to complete the second step, they can't log into your account. Additionally, when they do attempt to access your account, you will be alerted with an authorization code -- something the hacker would need to complete the log-in process. If you ever receive a code for an account that you didn't generate or trigger, you should take it as a sign that your password was leaked and change it immediately.
Do I have to enter the code every time I log in?
Yes and no; it depends on the website you're using. Most websites using two-factor authentication will require you to perform the verification process every time you log in from an unknown computer or web browser. Most will then "remember" that computer or web browser so you won't have to repeat the process every time -- the site usually asks you to uncheck a box if you're using a device you trust when you first log in. This is fine if you're using your phone or a personal computer, however, if you use a public or shared computer, it might be best to stay on the safe side and opt to perform the authentication every time you log in to prevent anyone from pretending to be you. In other words, make sure you check the box saying you don't want the site to remember that computer when you're signing in. Some websites, such as PayPal, will require that you perform the two-step authentication any time you log into your account if you've enabled the technology.
Where can I find out which websites offer it?
Most online services, such as major banks and social media sites, use two-factor authentication, while others are slowly starting to implement it. An engineer named Josh Davis has created a website which lists most commonly used websites along with information on whether or not they support two-factor authentication. The website, www.twofactorauth.org, separates websites by category for easy browsing and enables you to send a message to websites which don't offer the technology asking them to add it.
How can I enable two-factor authentication?
Although banks and other financial websites typically offer two-factor authentication as a default, others offer it but require users to enable the technology on their accounts if they want it to be used. It's especially important to enable two-factor authentication on your email as well as any website on which you use a credit card or other financial account. You can usually find out how to enable it by logging into your account on the site and going into the settings section, or by searching through the website's FAQ if you can't find it. Take note, though, the Two-Factor Auth List website links directly to the section on most sites which explains how to enable the technology so you don't have to do much searching yourself.
Want to learn more about how to stay safe on the Internet? Follow our Internet security blog.
This blog post originally appeared on NextAdvisor.com.