How to add an extra layer of protection to your accounts

Aside from having strong and unique passwords, we recommend using two factor authentication (2FA) for all of your accounts that support it. To enable 2FA is to require a secondary form of proof beyond a password (the first “factor of authentication”) that you are the owner of an account. An example of 2FA is when you need to enter a code emailed or texted to you after entering your password before your login is complete. Another even more secure method is to use a code generation app on your phone (such as Authy, Google Authenticator, or Microsoft Authenticator). Another way of thinking about 2FA is that it means logging into your account requires “something you know” (a password) and “something you have” (your phone).

The benefit of 2FA is that it adds a second layer of defense to your accounts. The US Cybersecurity & Infrastructure Security Agency (a division of the Department of Homeland Security), Microsoft, Google, and a host of other leading cybersecurity thought leaders all recommend using 2FA - with some suggesting that it can thwart up to 99.9% of cyber attacks! Even if a cybercriminal got access to your password, this second layer of defense would mean that they would also need access to your phone or email to get into an account that had 2FA enabled.

Twofactorauth.org has a great collection of sites by type (banking, email, social, etc) that support 2FA and links to each site’s help articles that explain how to set it up. Think back to the list of accounts that have your most sensitive information. Set-up 2FA for as many of them as possible and consider switching away from providers who don’t offer it!