Like most people, you probably use a strong password to protect your accounts.
But the Federal Trade Commission warns that hackers can steal your passwords through phishing attacks, and scammers can buy passwords exposed in a data breach.
Hackers might also try to use your username and password to log in to another one of your accounts, which is a reason to never reuse the same username and password.
If hackers only have your username, they can use software to guess your password. If the site doesn’t have safeguards to detect this type of attack, the hacker’s software might be able to try many different passwords.
So what’s the best way to protect your accounts? FTC said it’s using two-factor authentication, sometimes called two-step verification or multi-factor authentication.
Using two-factor authentication is like using two locks on your door — and is much more secure. Even if a hacker knows your username and password, they can’t log in to your account without the second credential or authentication factor, which can be:
- Something you know, like a password, a PIN, or the answer to a security question.
- Something you have, like a one-time verification passcode you get by text, email, or from an authenticator app; or a security key.
- Something you are, like your fingerprint, your face, or your retina.
More and more sites and apps are offering a two-factor authentication option, but you usually have to turn it on.
It’s worth the time!
Spend a few minutes to turn it on now -- and save yourself the countless hours it’ll take to recover a hacked account later, the FTC says.
To turn it on, go to your account settings, look for two-factor authentication, two-step verification, or multi-factor authentication, and follow the steps.
The FTC suggests starting with your most sensitive accounts, like your bank, credit cards, email, social media, tax filing website, and payment apps. Then add it to other accounts, like sites you shop on.
After you set up two-factor authentication, you may have the option to remember the device you’re using to log in, so you may only need to do use two-factor authentication in certain situations, like when you log in from another device.
The FTC recommends only having the account remember your own devices. Don’t have it remember the device if you’re logging in from a public computer, like at a library.
Click here to learn more about two-factor authentication and how to enable it on your accounts.