Security Basics: If a Service Offers Two-Factor Authentication, Use It


Twitter announced this week that it was aware some Twitter login credentials are circulating on the Dark Web, and Mark Zuckerberg infamously had some of his (mostly unused) social media accounts hacked. That makes for a perfect segue for some basic security advice: if a website, service, or app offers two-factor authentication, use it.


Two-factor authentication at its most basic means that logging in requires two forms of verification (it's also sometimes referred to as two-factor verification). It's the digital equivalent of needing, say, your birth certificate and a driver's license to get a passport.

Basic Two-Factor Authentication

Early two-factor authentication usually meant having to click a link in an email to change a password. That method effectively ensures that the person requesting a password reset has access to the email account attached to the login. It is still not foolproof (the hacker could have compromised the email account itself, or a device that has your email already set up on it), but it is an added layer of security.

Another form of two-factor authentication is requiring a PIN code in addition to a password. While that is superior to password-only logins, many think that device-based two-factor authentication is better still.

That form of two-factor authentication often requires you to enter a one-time code sent to your mobile device over SMS or generated by a dedicated app such as Google Authenticator, Blizzard's Authenticator, or the built-in two-factor authenticator in 1Password.

This method goes a step further in protecting you because it requires the additional form of verification when you log in from a new device, or even every time you log in, depending on the service and setting options.

Apple Two-Factor Authentication

Apple has a two-factor authentication system built into iOS and OS X that sends a code to any device you have authorized within iCloud. I absolutely recommend you enable this, and you can do so from a Mac or iOS device you have authorized:

On your iPhone, iPad, or iPod touch with iOS 9 or later:

  1. Go to Settings > iCloud > tap your Apple ID.
  2. Tap Password & Security.
  3. Tap Turn on Two-Factor Authentication.

On your Mac with OS X El Capitan or later:

  1. Go to Apple () menu > System Preferences > iCloud > Account Details.
  2. Click Security.
  3. Click Turn on Two-Factor Authentication.

When activated, Apple will periodically require you to enter a code it sends to the device of your choice. Apple also requires it when logging on to your account from a new device, a key protection.



Joe Holmes

This site keeps an ongoing list of services that offer two-factor authentication and also lets you send a direct tweet to companies that don’t offer it.

Bryan Chaffin

That’s a good resource, Joe. Thanks for posting!

Abbe Sillie

If biometrics be offered, do not activate it.  Biometrics, whether static or behavioural, should not be activated if you are security-conscious.

It is now getting known that the authentication by biometrics usually comes with poorer security than PIN/password-only authentication.  The following video explains how biometrics makes a backdoor to password-protected information.
