Two Factor Authentication (2FA)

Two Factor Authentication (2FA)

Harassers and hackers may try accessing your account(s) to get your data and location info. But 2FA helps stop these attempts, since it requires hackers to enter not one but two pieces of information about you to gain account access. It basically acts as an added layer of security beyond a password, and lowers your risk of being defrauded even if your login information is stolen (or if you’ve re-used a password from another account that has been breached.)

Refer to the types of widely used sites listed below. The accounts you choose to 2FA can be based on: which sites you use most frequently, your priorities on what you want to secure, and who might be targeting you (and what they might be targeting).

Before you start, allocate time. (Setting up 2FA takes approximately takes 2-5 minutes per account.) Also, ensure you have an internet connection.

Download as PDF
Now

First, make sure you:

  • Set Up 2FA for your most critical accounts:
    -- Primary work email address (e.g. with employer)
    -- Contact your IT department if you cannot configure
    -- Primary professional email address (e.g. work-related gmail)
    -- Primary personal email address
    -- Google login(s)

-- Tip: Start with accounts you use most frequently

Next

Then, choose what to do:

Consider setting up 2FA for other accounts:

◻ Cloud storage accounts (e.g. iCloud,Dropbox, Box)

◻ Social accounts (Twitter, Facebook, Instagram, LinkedIn, Reddit, Snapchat)

◻ Financial accounts (Venmo, Paypal, Square, Mint.com, and other bank and credit card companies’ sites)

◻ Communication applications (e.g. WhatsApp, Signal)

◻ Work-related or collaborative tools (e.g. Slack)

◻ Publishing accounts (e.g. Tumblr, Medium, Squarespace and Wordpress)

◻ Shopping accounts such as Amazon

◻ Older accounts, such as emails addresses you no longer use

Consider
  • List out your accounts before you begin the 2FA process
  • If you are most concerned about securing your financial accounts, call your bank and 2FA your financial accounts first
  • If you are unsure which accounts allow 2FA, check this list
  • If you store confidential information on certain devices, consider login / accounts associated with those devices
  • If you are unsure of risks, consider engaging in threat modeling

Read

Two Factor Authentication: Who Has It, and How To Set It Up by Eric Griffith

Two-Factor Authentication: How and Why To Use It by Matt Elliot

Electronic Frontier Foundation - articles on how to 2FA various accounts

Two Factor Auth - list of websites and whether or not they support 2FA