What is Two-Factor Authentication?

Also referred to as two-step verification in some places, two-factor authentication is an extra layer of security that requires a user to provide not only a username and a password, but also additional proof that only the user would have. For example, a physical token can generate a code, or an SMS can be sent to a pre-approved number.

Why Should I Use Two-Factor Authentication?

The two-factor authentication process can help lower the probability of account theft and protect against phishing attacks via email or phone, because an attacker would need more than just the username and password to log in to your accounts.

There are many types of two-factor authentication mechanisms, including:

  • SMS pass-codes
  • Phone call-backs
  • Push notifications, where you verify your identity by approving a push notification from an authenticator application on your smartphone or wearable device
  • Hardware security tokens, where you press a button to generate a code that you can use to verify your identity
  • Time-based One-Time Passwords (TOTP)

Below are some common web services that support two-factor authentication, along with links to instructions on how to enable them:

To check if a website or a service supports two-factor authentication, you can visit this website: https://twofactorauth.org.
 
If you are interested in reading more about two-factor authentication, check out this issue of the OUCH! Security Awareness Newsletter published by the SANS Institute.