Two-factor authentication – the extra lock that saves the day

We use passwords for almost everything today: email, social media, online banking, cloud documents and much more. But even the best passwords can be stolen. That's why we need something that makes it much harder for outsiders to gain access – and this is where two-factor authentication comes into play.

What is two-factor authentication?

Two-factor authentication (also called 2FA or two-step verification) is an extra layer of security you use when logging in. Instead of only entering your password, you also have to confirm your identity in another way – typically through your phone.

So you log in with both:

  • Something you know (your password)
  • Something you have (for example a one-time code from an app or SMS)

This makes it much harder for hackers to gain access, even if they have your password. You can compare it to locking the door with both a key and a code lock – one lock isn't enough, but two make a big difference.

MFA1

How does two-factor work?

When you've enabled two-factor, this typically happens:

  1. You enter your username and password as usual
  2. You are then asked for an extra confirmation, for example:
    • A code from an app on your phone
    • A one-time code sent via SMS
    • A confirmation through a push notification
    • A physical security key you insert into the computer
  3. Only when you have passed both steps do you get access

The code you have to enter changes constantly – often every 30 seconds. That means a hacker can't use old information to break in.

Even if someone has gotten hold of your password, they can't log in without the second step.

MFA2

How do you typically add two-factor?

Luckily, it's now easy to enable two-factor on most platforms. Here's how it usually works:

  1. Log into your account (e.g. Gmail, Facebook or MitID)
  2. Go to "Security" or "Account settings"
  3. Find the item "Two-factor authentication", "Two-step verification" or "Login security"
  4. Choose which method you want to use:
    • Authentication app (e.g. Google Authenticator, Microsoft Authenticator, 1Password)
    • SMS verification
    • Email (used less often because it's less secure)
    • Security key (hardware)
  5. Follow the on-screen guide – and save your backup codes in case you lose your phone

Once it's set up, it works automatically the next time you log in.

Which services offer two-factor?

Most major services offer it – you just need to enable it:

  • Google / Gmail
  • Apple ID / iCloud
  • Facebook / Instagram
  • Microsoft / Outlook
  • Snapchat
  • Dropbox, OneDrive and other cloud services
  • Online banks and public portals
  • Amazon, Zalando and many webshops
  • Your workplace (e.g. Office 365, intranet, remote access)

You can usually see it in your account settings or on the site's security section.

Is it inconvenient?

No. It usually takes under 5 minutes to set up. Most apps can remember your device, so you don't have to approve every time, only when you log in somewhere new or when there's suspicious activity.

You gain much higher security without doing much. And it's one of the most effective ways to stop hackers.

A good habit in an uncertain time

Today passwords are leaked all the time – without you necessarily noticing. If you use the same password several places, a hacker can easily access your accounts.

But with two-factor enabled it becomes much harder – even if your password is compromised.

It's like locking your front door – and then adding an alarm afterwards. You can still have guests, but it's much harder for the thief.

MFA3

Ready to protect yourself better?

Two-factor authentication is a free, effective and simple method to protect yourself, your information and your accounts. It requires almost nothing – and it can prevent you from losing valuable data.

Use it. Today.