Telling grown professionals what to do and how to conduct themselves online is generally not in my business plan. But I know that some of us are not 100 percent caught up with techy stuff, and I feel obligated to write this one.
2FA is a creative shortening of “two-factor authentication.” You may also hear it referred to as multi-factor authentication. No matter who you are, you’ve probably heard these words. Maybe you looked into it and you know exactly what I’m talking about. Maybe it looked too complicated and you said “not for me, thanks.” Whatever the case, I can show you in one image why you need two-factor authentication.
We’re in a hacker’s world now. Hackers will get your passwords. It’s not a matter of if, it’s a matter of when. As a matter of fact, Google now has this handy feature to show you how compromised your passwords are. Want to guess how many times hackers have gotten their hands on my password?
In its early days, even this blog got hacked into! 2FA prevents that every day. 2FA, at its core, means you sign in with your password, and then the service you’re logging into sends you a numeric password via text message or it sends a numeric code to an authenticator app on your phone. This numeric code changes every minute or so, so somebody who wants to log into your stuff without your permission needs to get your username, password, and be tapped into your phone OR have physical possession of your phone. It doesn’t matter if they’re trying to hack in from India, China, Beirut, or next door, they’re not getting in without very substantial access to your personal life.
PRO TIP WHERE APPLICABLE: Put 2FA for your e-mail, link that to your phone, then use 2FA and link everything else to your e-mail. The result? Every time someone tries to hack you, you get an e-mail about it.
There is one major exception to this, and the most common way that you will be hacked using 2FA: You. Hackers and scammers may send you a site by e-mail that looks legitimate. If you go to log in, they will record your login details, and they will record the numeric code that’s sent from your authenticator if you give it to them. Always double check that you’re logging into the correct site, because if you don’t, you’re going to end up giving away valuable information to people that don’t deserve to have it. So, for example, let’s say you get an e-mail saying it’s from Chase Bank. They’re going to close your account unless you act now. Don’t click anything in that e-mail. Go to your browser and type in the Chase website that you know and love. Scammers and hackers design stuff to make you feel rushed and fearful because that’s when you’re least likely to think about a minor decision like logging into a site. Any time you’re feeling rushed or fearful, take some extra time to think before you act.
That’s really it. I have countless old accounts and usernames that I opened as a kid, before the age of 2FA, and they’ve all pretty much been taken over by bots and spammers. Given the importance of our work and the transcripts we produce, we can’t afford to let our clients down and let the bad guys seize information. 2FA for most services is free. Google Authenticator is free. “Free” is a great price for peace of mind, so check if the services you use have 2FA today.