You may have come across advice to setup two-factor authentication (2FA) on some of the websites or software that you login to. But what is? And when should you use it?

At its simplest, 2FA is the process required to access something by using two separate methods. It enables a higher level of security than just adding a username and password to a site, relying upon a second factor, usually either a security token or a biometric action.

How Does It Work?

When you reach the login screen, you will pop in your username and password, as you would ordinarily. Once this has been recognised, you are prompted to implement the second stage. This step can take several forms; you may have to prove something only you would have, such as a security token, ID card, smartphone or other mobile device. You then enter your one-time code that was generated and voila – you are authenticated and granted access to the application or website.

Where Would I Use 2FA?

In a business environment, 2FA should be set up for anyone to access company sensitive data – this could be shared drives, backups, or the accounting software. For personal use, 2FA can be enabled on any setup where you would be devastated if someone else, someone unwanted, had gained access. An example here would be your social media accounts.

2FA does not guarantee you won’t get hacked – but it does give you another level of defence. The more steps that you implement to access data the harder it is for those you don’t want to access it to do so. Given that passwords are often easy to guess, adding that next level of security means decreasing the chances that it will be you who is hacked.