In today’s digital age, data breaches and successful phishing attacks are a common occurrence. The result is that your affected login information may end up in the hands of cyber criminal. One of the most effective ways to protect your online accounts is to use two-factor authentication (2FA).

What is 2FA?

Two-factor authentication is a security measure that adds an extra layer of protection to your online accounts. In addition to a username and password, you must also provide a second factor of authentication. This second factor can be a code sent to your mobile phone, a code generated by an authentication app or “biometric” measure, like a fingerprint or face scan.

Why you should you use 2FA.

2FA makes your online accounts significantly more secure. If a hacker managed get a hold of your login information through a data breach or successful phishing attack, they would still not be able to access your account without the second factor. You will have made it easier for them to just move on to their next target rather than investing time in trying to get a hold of your second factor or checking to see if the password they have for you works with other accounts you might have.

Tips for using 2FA.

Since most of us have many online accounts, prioritize enabling 2FA on your most important online accounts first. At the very least, use 2FA for your email accounts; if your email account were to be compromised, any online account associated with that email account could have it’s password reset by the attacker.

Not all factors are equal. Text message (SMS) and mobile calls are better than nothing, but because they’re vulnerable to SIM swapping scams, they’re not as secure as using an authentication app. Popular authentication apps to download on to your phone are Duo, Google Authenticator and Microsoft Authenticator. These apps generate a unique code that typically refresh every 30 seconds. When you first setup your authentication app, set it to backup, in case your phone is lost or stolen.

Don’t share your 2FA code with anyone. Scammers can call or text you posing as the government, a financial institution or IT support and claim to need your 2FA code. Your government, bank or IT support staff will never contact you saying they need your 2FA code.


  • Use 2FA to protect your online accounts and setup your most important accounts first.
  • An authentication app is better than Text/SMS as a second factor.
  • Don’t share your 2FA code.