What is Two-Factor Authentication?

You create an account on a new website, and that site texts you a verification code to confirm your identity. You purchase a new app for your smartphone, which prompts you to pay by re-entering your phone’s passcode. You swipe a debit card and then enter a PIN to complete checkout at the grocery store. All of these scenarios are real-world examples of two-factor authentication, or 2FA—a way to both enhance your protection and confirm your identity in the digital world.

What is two-factor authentication, and why should you use it? Here’s an in-depth look at what 2FA is, its advantages, and how it can keep your personal information and property — both physical and digital — secure.

Defining two-factor authentication

Two-factor authentication, also called two-step verification, simply means you’ll need two different “factors” to sign into a digital-based account. A traditional password is the first factor when you log in with your unique username. To better verify your identity, a website may ask you to provide another factor. This security measure may be an authenticator code texted to your phone, an email that requires you to click and confirm, or a security question unique to your account.

Where are two-factor authentications most commonly used?

Two-factor authentication has been around for a while to help protect sensitive data against phishing attempts. Large national retailers, social media platforms, hospital systems, and credit card companies have fallen prey to hackers who put millions of users’ sensitive information at risk via data breaches. That’s why many of these companies either require or recommend two-step verification at login:

• Banks and credit card companies

• Insurance companies

• Medical and healthcare-related accounts

• Email accounts

• Password managers

• Home security apps and software

• Shopping sites like Amazon

• Productivity apps such as Slack, Asana, Trello, and Evernote

• Social media accounts, including Twitter, LinkedIn, and Facebook

Two-factor authentication types

There are a few commonly used authentication types. To implement 2FA, most websites and apps will employ the following factors:

• Something you know. A “knowledge factor” is the most common authentication method, relying on your password, a security question, or a PIN.

• Something you have. A “possession factor” such as a smartphone authenticator app, push notification, an identification card, security token, or another verification object you own. A security token can be hardware or software-based — and can be a physical USB device you must insert into your computer or an app you must run to access a login code.

• Something you are. A “biometric factor” relies on a physical characteristic such as your face, fingerprint, or voice. For instance, you may log into your tablet via a facial scan and complete an app purchase via your fingerprint.

• Where you are. A “location factor” keeps you secure by tracking the location of your phone or computer’s IP address. That means if a hacker attempts to log into your Facebook account from Bangladesh at 3:30 A.M., the social media platform may flag the attempt by sending you an email notifying you of unusual activity and prompting you to change your password.

Why use two-step verification?

When’s the last time you changed your email and bank passwords? How often do you reuse the same password across multiple accounts? Does your password contain easy-to-guess words? Research shows that some of the most common passwords are “12345,” “password,” “qwerty,” and combinations of names, sports teams, and birth years. Using weak password combinations makes it easy for nefarious actors to access your identity and online accounts. Adding 2FA to any account makes you less susceptible to hacks.

How to enable two-factor authentication

When you log into your Gmail or other Google accounts, you may simply type in your password when prompted. Wondering how to turn on and off two-step authentication to enhance your account’s security? For Google logins:

• Access the Google 2-Step Verification site

• Log into your Google account

• Click to enable two-step verification

• Input your mobile number in the Voice and Text Message option

• Check your phone for the numeric code in your text messages

• Input that code on your computer where prompted, and check Trust This Computer

• Click through to confirm

Many sites that don’t automatically require two-step verification still offer the option to enable it via the account settings.

Other ways to increase overall account security

Install a password manager

Sites like LastPass, 1Password, and BitWarden are all free or cost a few dollars per month. These sites synchronize your passwords across various platforms, and they save all those logins so you don’t have to remember the passwords.

Use strong, unique passwords

A combination of numbers, letters, and characters makes an account more difficult to hack. A password manager also can suggest a strong alphanumeric password.

Change passwords frequently

If you’ve been using your dog’s name and your street number as your go-to password since high school, it’s past time for a change. Set bimonthly calendar reminders to change all your passwords, particularly on your financial, email, and medical accounts.

Do a social media privacy checkup

Every time you log into another account using your Facebook login, you’re giving data to the social media platform. Also, be mindful of the photos you share and the data you offer publicly. Making your birth date, favorite sports teams, family members’ names, and other personal details accessible gives hackers data to potential password combinations.

The bottom line on two-factor authentication

Everything in life involves taking some form of risk. When you purchase a house and install a home security system, it doesn’t 100% mean that you’re entirely safe from an attempted break-in. Protecting your home with a home alarm, security cameras, motion sensors, and other smart technology, however, greatly reduces the risk of a break-in by deterring criminals and providing layers of protection to keep you and your family safe. In the case of digital security, two-factor authentication acts as an extra hurdle to keep cybercriminals less likely to break into your personal information and compromise sensitive data.

Visit the Help Center to learn more about enabling two-factor authentication on your Brinks Home™ app.

Allison Clark is a senior writer for Brinks Home. She enjoys educating others on the benefits of smart home security and using technology to simplify everyday life.