3 Things to Know about 2-Factor Authentication (and some advice)

Let’s face it, if you’re like most people, in your digital life you:

  • use your email address as your username
  • use a password that’s less than 13 characters long
  • use a simple password (like 123456, abcdef, or some combination of letters and numbers that relate to you somehow)
  • use the same password at more than one online place
  • don’t use a password manager or really do much to manage your online identity

Here are some simple facts:

  • Nowadays, professional hackers can crack any (and I mean any) password that is less than 13 characters long.
  • Your online identity has already been compromised in more than one place.
  • Tons of personal information about you is already stored ‘in the cloud’ and available to hackers – way more info than you can imagine.
  • There’s no standard for passwords or usernames; every place online can enforce whatever rules it wants. This makes it more difficult to manage your online identity without help.
  • The more secure your online identity, the harder it is for you to deal with it.

So technology has tried to come to your rescue with several tools, such as password managers (like LastPass or 1Password). If you haven’t yet outsourced your own password management to a program like this, you probably should!

One tool you may be hearing a lot about is “2-factor authentication”. Here are three quick things you should know about this:

  1. It adds another layer to your online identity security. Think of your username as one layer, your password as another layer, and 2-factor authentication as a 3rd layer. Basically, the first two layers are things you know, and the 3rd layer is something you have. This would be something like a text message on your cell phone, a smartphone app (like Google Authenticator), or a small device (like SecurID). Online, you’d have to have that thing in order to log into your account. As long as you have that thing in your possession, it makes it almost impossible for hackers to steal your identity. If you are like most people (see above), your weak username and password combo will be immensely strengthened by adding in that 3rd layer.


  2. Not everybody uses 2-factor authentication. Some common online folks that do include Google, Apple, Dropbox, Microsoft, LastPass, Facebook, Twitter, PayPal, and LinkedIn. More and more banks and credit card companies are starting to implement 2-factor authentication (yay Chase!), but the list is still pretty short (you should check and if yours doesn’t, you should ask loudly and often). Most notably, Wells Fargo, TD Bank, SunTrust, Citibank, Capital One, PNC and American Express don’t support it (we’ll update this when they do). You can search for your online institution here, but we recommend you visit your financial institution’s website and/or contact them to get a definitive answer. For you iPhone 6 owners, the forthcoming Apple Pay may be a game-changer in how you make purchases both online and in the physical world (and yes, the fingerprint sensor is that something you have!).

  3. There really is no 100% foolproof way to protect your online identity – the hackers and their methods are evolving at a rapid pace, generally faster than the folks developing protection against hackers. 2-factor authentication is just one tool to help make yourself a ‘hard target’ against hackers. You really have to do more than one thing – you need to use a password manager or actively and safely manage every single online account you have, use 2-factor authentication wherever possible, watch all your online and financial accounts like a hawk, and implement new security methods as they become available (and are an improvement to whatever you already have). Oh, and you need to practice safe computing (see our guide here).
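To make the “something you have” layer from the first point concrete, here is an added example (not part of the original article) of how an authenticator-app code is computed and checked at login, using the standard TOTP algorithm (RFC 6238). The account record, the `login` function and the secret (the RFC's published test key) are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

def totp(secret_b32, unix_time, step=30, digits=6):
    """RFC 6238 time-based code (HMAC-SHA1), as shown by authenticator apps."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", unix_time // step)      # 30-second time step
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                             # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def login(account, password, code, unix_time, window=1):
    """Succeeds only if the password (know) AND the current code (have) match."""
    pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                  account["salt"], 100_000)
    password_ok = hmac.compare_digest(pw_hash, account["pw_hash"])
    # Accept the neighbouring time steps to tolerate small clock drift.
    code_ok = any(
        hmac.compare_digest(totp(account["totp_secret"], unix_time + d * 30), code)
        for d in range(-window, window + 1)
    )
    return password_ok and code_ok

# Constructed sample data: RFC 6238 test key and a weak password from the list above.
SECRET = base64.b32encode(b"12345678901234567890").decode()
SALT = b"constructed-salt"
ACCOUNT = {
    "salt": SALT,
    "pw_hash": hashlib.pbkdf2_hmac("sha256", b"123456", SALT, 100_000),
    "totp_secret": SECRET,   # shared once with the phone app, e.g. via QR code
}

if __name__ == "__main__":
    code = totp(SECRET, 59)
    print("code on the phone at t=59:", code)
    print("password + fresh code:", login(ACCOUNT, "123456", code, 59))
    print("password + stale code:", login(ACCOUNT, "123456", code, 200))
```

Someone who has guessed the weak password but does not hold the phone (and so not the secret) cannot produce a code that is valid for the current 30-second window.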

Now doing all this stuff may be way more work than you really want to deal with, but neglecting your own security online can be as serious a risk as neglecting your physical security. I would hope you avoid dark alleys in unsafe parts of town, lock your doors and windows, and don’t leave valuables lying around, right? These digital life security tips are the same thing. So let me finish with a recap of your digital life to-do list:

  1. Use a password manager tool or actively manage your online identity everywhere
  2. Use 2-factor authentication where available, and strong username/password combinations where it isn’t
  3. Watch your online accounts for suspicious activity and take action if you see any
  4. Watch for new protection methods as they become available and use them wisely
  5. Practice Safe Computing
