Security matters: five reasons why you need to enable Two-Factor Authentication

If you can remember far enough back to the early days of the internet, you’ll probably recall a time when people would use the same easily memorable password for everything – their email account, Amazon, and pretty much every other online service they happened to be using.

Fast forward a few years, and we’d all learnt – some of us the hard way – that this approach wasn’t much different to leaving the keys to our homes hanging from the front door.

Over time, we’ve learnt better password habits – not reusing the same one, for instance, making sure they’re long and difficult to guess, and the value of password managers in keeping them all safe.

But now we’ve reached the point where just using a password alone is no longer considered secure. And that’s where Two-Factor Authentication, or 2FA, comes in.

2FA is a way of bolstering the security of our accounts by requiring more than just a username or password – it usually comes in the form of a 6-digit code texted to our phones or generated through an authenticator app. Or it can come in the form of receiving a permission prompt on an already signed in device.

We won’t go in depth on the relative merits of the different types of 2FA here – we’ll save that for another blog – but here are five reasons why, wherever possible, you should enable Two-Factor Authentication.

And by the way, you may have heard other terms like Multi-Factor Authentication (MFA) used elsewhere. While there are subtle differences, these terms are often used interchangeably and effectively refer to the same thing.

1) Passwords aren’t secure

There’s certainly some apparently strange logic in that heading but think about this for a minute.

Even if you can come up with an incredibly strong password, that is practically impossible to guess (which you should), that doesn’t actually make the account that it’s protecting inherently secure.

Why?

Because passwords can, and do, end up in the wrong hands.

You might be the victim of a phishing or social engineering attack, for instance, and inadvertently give away clues to your password (or even the password itself). Even worse, your password might be leaked in a hack on the servers of your provider – absolutely nothing to do with you, but suddenly it is out there for the whole world to see.

If your password is compromised – which it almost inevitably will be at some point – your account will remain inaccessible without the use of the second factor.

2) 2FA is convenient

Most of us have a phone that we carry with us all the time. For newer Apple or Android devices, approving or denying a sign in request might be as simple as choosing ‘yes’ or ‘no’ on a push notification.

For other requests, it might involve copying and pasting a code from an authenticator app.

The point is, it usually takes seconds to provide that second step – seconds that could save an immense amount of inconvenience and loss if your account is hacked.

3) It reminds us of the importance of security

Before the days of fingerprint and facial recognition, very few of us would secure our smartphones with a passcode.

Nowadays, we’re we’ll aware of the potential threats associated with not locking our devices, and we’re only too happy to keep our phones, tablets and laptops secured.

In making us aware of the weakness of password-only security, 2FA can actually do us a great service. Being daily reminded of the importance of online security whenever we log in is vital in making sure we remain vigilant to the constant threats we face.

4) It’s better than nothing at all

Opponents to 2FA will often cite examples of its failure. Most of the time, these failures will be associated with the ‘text message’ version of 2FA, where criminals might gain access to your text messages through schemes like SIM-swapping.

The argument against using 2FA because it isn’t always perfect however is illogical.

It is proven to be many times more secure than simple username and password authentication, and while it may not always be 100% effective, it is certainly better than nothing at all.

We would recommend however that – should your provider offer multiple forms of Two-Factor Authentication – SMS (text message) alerts are only selected when other more reliable forms of authentication (such as push notification or authenticator app) are not available.

5) More and more providers are using it

You won’t always be able to use 2FA, for the simple reason that not all providers enable it.

However, you may be surprised by the sheer – and growing – number that do. Some of the better-known providers offering 2FA today include:

Amazon, Apple, Dropbox, eBay, Facebook, Google, Gov.uk, Instagram, LinkedIn, Microsoft, PayPal, Twitter and many more…

So there you have it. Five reasons why you should enable Two-Factor authentication. And in a world where 2FA is easy, convenient and can add a great deal of additional security, why wouldn’t you?