Two-factor authentication (2FA): Why is it important, and how to enable it

2FA is a critical security tool and important to enable by default to secure your digital life

Two-factor authentication or 2FA is a security protocol that adds an additional layer of protection to your digital IDs. With an increasing number of services tied to our digital IDs, it’s important that we secure access to these IDs to prevent unauthorised use and misuse. As anyone who’s lost their phone and found their world crumbling around them will tell you, losing access to your email ID, social media account, or even to an online game that you’ve sunk hundreds of hours into is no laughing matter.

How 2FA works

Traditionally, a digital ID like your email ID is secured by a username and password. Even if you’ve taken the trouble to create a long, secure, alphanumeric password – something that most people don’t do – your account is still not secure and can be compromised.

Keyloggers on compromised PCs can steal your passwords, someone could sneak a peek at your phone’s PIN code as you enter it in a public space, and worse still, the service provider could get hacked without having properly secured its password database and accounts. Once someone knows your password, they can gain access to your account, and by extension your digital life.

In all these cases, there’s a single point of failure: the password. 2FA works by adding a second layer of authentication to the process, hence its name. This second layer can take any form: an OTP sent to your phone number or email ID, a secure app or device that generates authentication tokens only at your request, a physical device like a YubiKey that needs to be plugged in, etc.

When you try to log in to an account secured by 2FA, you’ll first be asked to enter your username and password, and once those details are verified, you’ll be asked to use the secondary authentication to actually access your account. Since it’s highly unlikely that both your first layer of security – your password – and your second layer of security are compromised, your account will be very secure.

How to enable 2FA

Two-factor authentication will need to be manually enabled on all online or digital services that you use. Some services will offer 2FA upfront when signing up, others will first require that you create an account and then enable 2FA via the settings page for that service. Instructions for doing so will usually be found easily online.

Financial services and most modern social media and email platforms all support 2FA and, in fact, encourage its use from the start.

Smaller and more niche platforms might not support 2FA, however. In such cases, we’d recommend using a temporary or disposable email ID and unique password.

What kind of 2FA should I use?

2FA comes in various forms. Here’s a breakdown of the most popular ones to help you decide which one to use:

1. OTP: An OTP or one-time password is the most common type of 2FA available. In this case, a code is sent to your registered mobile number or email ID when you want to log in to a service. This form of 2FA is secure as long as you have control over your phone and number. There have been cases where people have used SIM swap scams to steal OTPs, masqueraded as your bank to ask for an OTP directly, and more. While an OTP is more secure than no 2FA, it is quite possibly the least secure mode of 2FA available.

2. Authenticator apps: A more secure option is the use of an authenticator app. Many popular online services offer this option, and it involves installing an app on your phone that is synced with your account. When you want to log in, a code is generated on the app and must be used to log in to your account.

This is more secure than an OTP as the code is tied to your physical device and not your mobile number or email ID. The downside of course is that if you lose your device, you’ve lost your authenticator, and the recovery process can be problematic.

3. Physical key like a YubiKey: One of the most secure 2FA protocols is the use of a physical device to authenticate your account. Much like the key you use to access your home, a YubiKey-like device is a USB stick that securely stores your digital IDs and only allows access to your account when the USB device can connect to your computer or phone. As long as the key is safe, your account is safe.

How worried should I be?

Given how often and how easily various online services get hacked, it’s good practice to enable 2FA of any kind. An OTP-based 2FA is often more than enough as the likelihood of both your password and phone number or email ID being compromised simultaneously is very low. Still, we’d recommend opting for a more secure form of 2FA for your most important accounts.

Additionally, popular online services tend to be very secure by default as they have systems and checks in place for closely monitoring suspicious account activity. In many cases, you’re likely to be notified of unauthorised access or unusual activity and given the opportunity to deal with the problem before it gets out of hand. New technologies and services like passkeys are also changing how passwords are stored, further securing our online lives.

Enable 2FA and secure your digital self as best you can. It’s unlikely that your digital life will ever be compromised, but on the off chance it is, you’ll be glad to have 2FA keeping your accounts secure.

Disclaimer: This post as well as the layout and design on this website are protected under Indian intellectual property laws, including the Copyright Act, 1957 and the Trade Marks Act, 1999 and is the property of Infiniti Retail Limited (Croma). Using, copying (in full or in part), adapting or altering this post or any other material from Croma’s website is expressly prohibited without prior written permission from Croma. For permission to use the content on the Croma’s website, please connect on contactunboxed@croma.com
