2FA (two-factor authentication) is my BFF and should be yours too, IYKWIMAITYD.
What does 2FA mean?
Two-factor authentication (2FA) is a fancy way of saying that the system is double-checking it’s really you trying to sign in — you need a second authentication step, beyond your username and password*.
There are a few different types of 2FA, such as:
- Answering “secret questions”
- Scanning your face, or fingerprint
- Approving the login request via another app
- Entering a PIN code (from memory)
- Entering a 2FA code (from an authenticator app, or a text message)
There are various authenticator apps available, but I use Google Authenticator as it’s easy to set up, always with me (as an iPhone app), and seems to work with most of the apps I want 2FA for.
Here’s a short (4min) video on how I use Google Authenticator:
Here’s what’s covered:
0:08 What is 2FA
0:25 Types of two-factor authentication
1:00 Google Authenticator app
1:21 Authenticator app demo
1:43 Add a new account for 2FA
2:00 When to use 2FA
2:28 Backing up the Google Authenticator app
3:11 Password manager apps
A note on backups
I don’t have a paid iCloud hosting account, so I need to keep my data backups to a minimum, but Google Authenticator is one of the verrry few apps I use the in-built iCloud backup service for — to make sure I don’t lose my two-factor authentication access if I lose my phone.
*Here, I’ve gotta say it: please please please use a password manager, if you can afford it. Apps like 1Password, Dashlane and LastPass are the gold standard for storing passwords securely, and are easily accessed from your computer or smartphone. If you’re an Apple user, then the iCloud keychain service is the next best thing — this option is free, but less secure and only available on Apple devices. All of these are better than using the same password for everything. Please don’t do that.
Do I need two-factor authentication?
It’s more and more common for 2FA to be a requirement (like you can’t get in without it!) but it’s a really good idea to turn it on for any apps or websites that offer it as an option. By requiring this ‘double check’ you’re adding an extra layer of protection, making it harder for someone else to log in pretending to be you.
At a minimum, think about where your most sensitive data might be stored and start with those, such as:
- Online banking
- Any other financial systems (like shares, or insurance)
- Your primary email
- Phone account
- Other utilities (like gas, water, and electricity providers)
Once you’re up and running, it’s easy to add other services over time. I promise it’s worth it!