Passwords are broken.
Passwords are still important, but they’re not as strong as they used to be. People often use weak passwords and reuse them across different websites. Hackers have also stolen millions of passwords. This makes passwords less secure than they were in the past.
That’s why you should use two-factor authentication (2FA) for important websites, such as your bank, your investment accounts, and even your domain registrar. 2FA adds an extra layer of security to your accounts, making it harder for hackers to get into them.
How it Works
Two-factor authentication (2FA) is like having a secret password in addition to your regular password. This extra password makes it harder for someone to log into your account, even if they know your regular password.
For example, when you log into your bank account, you might be asked to enter a code that is sent to your phone. This code is your second password, and you need it to log in.
Using 2FA is like having a two-lock door on your house. Even if someone has one key, they still won’t be able to get in without the second key.
Three Types of 2FA
There are three main ways to use two-factor authentication. Text messages are the simplest and least secure of the three.
- Text messages – after entering your password, the business sends a text message to you with a one-time code. You must enter this on the website within a fixed period of time to complete the login process. While convenient, this is the least secure method because people can intercept these messages. However, it’s still worth using SMS-based 2FA if it’s the only option a website offers. It’s still significantly better than just using a password.
- App-based codes – a step up is to use an authenticator app such as Google Authenticator, available on both Android and iOS. Authentication apps work with multiple websites, so you only need to download one app to log in to multiple sites. The apps generate rolling codes that change about twice every minute. After entering your password at a website, the site will prompt you to open the app to find the current code. There are still some risks to this form of 2FA. Some thieves will try to trick you into entering your password on a fake site and then prompt you for your 2FA code. If you give the code, the thief can immediately log into your account.
- Physical keys – physical keys are the current gold standard for 2FA. They’re also easier to use than the other forms. A physical key is a small device that plugs into a computer USB port or connects wirelessly to your computer. When you enter your password, the site will ask you to touch your key or press a button on it, depending on the type. Keys can be used on multiple websites. Physical U2F security keys start at about $25.
Setting It Up
When setting up 2FA using an app or physical key, Namecheap provides you with a list of backup codes to use if you lose access to your phone or physical key. Make sure to print these and keep them in a safe place.
With malware and hacked passwords readily accessible on the web, it’s more important than ever to step up your security game. Set up two-factor authentication today.