SMW Logo
SMW Logo

2-Factor Authentication (2FA). Free Simple Protection


When protecting your valuable information, 2-Factor Authentication (2FA) is a wise choice. Here’s what it is and how to use it.

Passwords are only the first step to good Security

Every online account we have requires a password. And it can get overwhelming choosing one. That’s why so many people wind up using the same one over and over again, or just as bad, making a too weak password. Here are the top-10 most hacked passwords

LastPass Breach

In this article, I go over the recently revealed breach of LastPass, making 2FA more important than ever.

2-Factor Authentication – The Basics

Basically, 2FA involves something you know, and something you have.

something you know

The something you know is your password. While many of us use a password manager and actually don’t know most of our passwords, still the password is assumed by the app or website to be something we know and type in to gain access.

something you have

The something you have is usually your phone. But there are other devices like a YubiKey that can be used.

methods of using your phone for 2FA

text message

At the least, the app or website sends a text message to your phone with a code for you to enter. This is the least secure method, as bad guys are able to spoof a phone and have the text message routed to them. But in reality, unless someone belongs to a 3-letter government agency, I don’t see them being a target for that.

push notification

This method involves the app or website sending a notification to your phone asking if it’s really you. Both Facebook and Google use this method. This is more secure than text message.

Google does this by default.

authenticator app

To use an authenticator app, when requested by the website or app you are trying to log into, you open the authenticator app which displays a 6-digit code that you enter. This code changes every few seconds.

Examples of authenticator apps:

  • Google Authenticator (the one I use)
  • Authy
  • LastPass Authenticator
  • Microsoft Authenticator

…and many more. These are the 4 most popular (although I’m guessing the LastPass Authenticator will be dropping in popularity)

Using an authenticator app involves some setting up, and can me a challenge when you get a new phone. In a future post I will detail how to setup and use an authenticator app.

YubiKey (or similar device)

A YubiKey is a device that resembles a thumb drive. To use it for 2FA, when requested, one inserts the YubiKey into a USB port. This is the “something you have”. In addition, some YubiKeys are NFC enabled so they can be used with a smart phone by simply tapping. And for 3 factor authorization, some have fingerprint readers, so in case it is lost or stolen, no one else can use your YubiKey.

when should you use 2FA?

You be the judge of that. I use it anywhere I would stand to lose something if someone got hold of my password.

  • Banks
  • Investment sites
  • Shopping sites
  • E-mail

And as a web developer, any site pertaining to my business.

E-mail is super important to have 2FA setup. If someone had access to your email, they wouldn’t need your bank/investment/shopping password. They could request to change it, and when the email comes to you, they intercept it. change your password, then delete the email.

Now not only does someone have your password, you don’t. You could request a change, but they could simply change it back.

So use 2FA wherever you need it. It’s a bit of a hassle to use in a hurry, but it’s less of a hassle than having a bad guy steal your money.

Notify of
Inline Feedbacks
View all comments


More Posts

top 5 password managers

The Top 5 Password Managers

Password managers are a must in today’s internet. Here I look at the top ones and evaluate them on security, ease of use, and cost.

last gasp for lastpass

Last Gasp For LastPass?

LastPass has just suffered a major breach, and is passing it off as much of nothing. Let’s dig into the details of what might be

lastpass logo

A LastPass Primer

Note: Since the recently released statement from LastPass regarding the theft of passwords, I have a new article about that here. Every online account we

Send Us A Message