3 Things to Know about 2-Factor Authentication (and some advice)

login_screenLet’s face it, if you’re like most people, in your digital life you:

  • use your email address as your username
  • use a password that’s less than 13 characters long
  • use a simple password (like 123456, abcdef, or some combination of letters and numbers that relate to you somehow)
  • use the same password at more than one online place
  • don’t use a password manager or really do much to manage your online identity

Here are some simple facts:

  • Nowadays, professional hackers can crack any (and I mean any) password that is less than 13 characters long.
  • Your online identity has already been compromised in more than one place
  • Tons of personal information about you is already stored ‘in the cloud’ and available to hackers – way more info than you can imagine
  • There’s no standard for passwords or usernames, everyplace online can enforce whatever rules they want. This makes it more difficult to manage your online identity without help.
  • The more secure your online identity, the harder it is for you to deal with it.

So technology has tried to come to your rescue with several tools, such as password managers (like LastPass or 1Password). If you haven’t yet outsourced your own password management to a program like this, you probably should!

One tool you may be hearing a lot about is “2-factor authentication“. Here are three quick things you should know about this:

rsasecurid1labelIt adds another layer to your online identity security. Think of your username as one layer, your password as another layer, and 2-factor authentication a 3rd layer. Basically, the first two layers are things you know, and the 3rd layer is something you have. This would be something like a text message on your cell phone, a smartphone app (like Google Authenticator for Android, Google Authenticator for iOS), or a small device (like SecureID). Online, you’d have to have that thing in order to log into your account. As long as you have that thing in your possession, it makes it almost impossible for hackers to steal your identity. If you are like most people (see above), your weak username and password combo will be immensely strengthened by adding in that 3rd layer.

Google now has it’s own authenticator baked into Google apps for smartphones – similar to Apple’s account authentication.


2labelgoogle2-factorNot everybody uses 2-factor authentication. Some common online folks that do include Google, Apple, Dropbox, Microsoft, LastPass, Facebook, Twitter,  Paypal, and LinkedIn. More and more banks and credit card companies are starting to implement 2-factor authentication (yay Chase!), but the list is still pretty short (you should check and if yours doesn’t, you should ask loudly and often). Most notably, Wells Fargo, TD Bank, Suntrust, Citibank, Capital One, PNC and American Express don’t support it  (as of this article’s publishing date). We recommend you visit your financial institution’s website and/or contact them to get a definitive answer. For you iPhone 6 owners, the forthcoming Apple Pay may be a game-changer in how you make purchases both online and in the physical world (and yes, the fingerprint sensor is that something you have!).

3labelshutterstock_107467136_resultThere really is no 100% foolproof way to protect your online identity – the hackers and their methods are evolving at a rapid pace, generally faster than the folks developing protection against hackers. 2-factor authentication is just one tool to help make yourself a ‘hard target‘ against hackers. You really have to do more than one thing – you need to use a password manager or actively and safely manage every single online account you have, use 2-factor authentication wherever possible, watch all your online and financial accounts like a hawk, and implement new security methods as they become available (and are an improvement to whatever you already have). Oh, and you need to practice safe computing (see our guide here).

shutterstock_131245712_resultNow doing all this stuff may be way more work than you really want to deal with, but neglecting your own security online can be as serious a risk as neglecting your physical security. I would hope you avoid dark alleys in unsafe parts of town, lock your doors and windows, and don’t leave valuables lying around right? These digital life security tips are the same thing. So let me finish with a recap of your digital life to-do list:

  1. Use a password manager tool or actively manage your online identity everywhere
  2. Use 2-factor authentication where available, and strong username/password combinations where it isn’t
  3. Watch your online accounts for suspicious activity and take action if you see any
  4. Watch for new protection methods as they become available and use them wisely
  5. Practice Safe Computing

This website runs on a patronage model. If you find my answers of value, please consider supporting me by sending any dollar amount via:

Click or tap to open a new browser tab or your Venmo app and send money via Venmo to @positek(@PosiTek)Click or tap to open a new browser tab or your Paypal app to send money via your Paypal account to support@positek.net (Support@PosiTek.net)Click or tap to open a new browser tab or your Paypal app to send money using your credit card to support@positek.net (no Paypal account required)using any credit card
or by mailing a check/cash to PosiTek.net LLC 1934 Old Gallows Road, Suite 350, Tysons Corner VA 22182. I am not a non-profit, but your support helps me to continue delivering advice and consumer technology support to the public. Thanks!


  1. Mirabel Nichole

    A friend of mine introduced me to a hacker by the name (name redacted). He helped hack my husbands whatsapp and facebook accounts in less than 2hours. He is a professional and also offers other services such as clearing bad driving records, boosting school grades and tracking calls to mention a few. Contact him on his email (email redacted)

    • Hi Mirabel, thanks for your comment. It sounds like you are comfortable working in the grey and dark side of the internet. My website and professional services generally shy away from those areas as they also skirt current laws. While your use of the hacker was for personal reasons, it and the other things he does are either illegal or at least very shady acts which I can’t promote nor condone.

      My only comment back to you would be to be very careful about what you share with hackers. While you say this person is “professional”, the very services they offer reflect a lack of respect for privacy and legality – decidedly anti-professional. Just my .02…

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.