Two-factor authentication or 2FA is a way of making your logins more secure, by not only requiring a username and password when signing in, but also a special extra code that can either be received as an SMS or else generated by an app or device.
Most of you will already have used 2FA, perhaps without knowing so, when you log in to your internet banking. Most banks give out a 2FA device or card which stores some codes you are required to enter when logging in. This ensures that if someone guesses or cracks your password, they still won’t be able to login unless they are also successful in robbing your physical 2FA device.
I would use 2FA whenever it is possible, but I especially highly suggest using it on websites that contain sensitive information that can be used by a hacker to damage you or steal assets.
Here are a few popular sites to use 2FA on:
- Social media (Instagram, Facebook, Twitter etc)
- Crypto exchanges (Kraken, Coinbase etc)
- Amazon and other e-commerce sites that you use frequently.
- Dropbox and similar platforms storing your files.
- Email accounts (Gmail etc)
For a bigger list check out this site.
How to do 2FA
SMS is one of the most popular but least secure ways of doing 2FA, as sim swap attacks have become popular in recent years. It is highly encouraged to use an app or hardware device for 2FA when possible.
I like the Google Authenticator app and have used it for 2FA purposes. Another popular app is Authy, and it’s probably a better app than Google Authenticator in many ways, including the ability to use it on a desktop as well as being able to set it up on multiple devices.
If you are using the 1Password software, an even easier way to do 2FA is to replace Google Authenticator/Authy/Yubikey with 1Password itself. It has the ability to generate one-time passwords for 2FA purposes. If you wish, you can use both apps at the same time and see which one you like best, they will generate the same number so they are interchangeable.
Now it must be mentioned that using 1Password is less secure than using a hardware device or even an app like Authy or Google Authenticator. The reason is that if someone gets into possession of one of your devices and manages to enter your 1Password vaults using your main password (by guessing or other means of social hacking), they will not only have access to your usernames and passwords, but also to the 2FA codes. Then again, if you’re using a device for 2FA but you’re storing the backup words on 1Password, as many undoubtedly do, you will still run into this attack vector.
Here’s a website that serves as a guide to setting up 2FA on the most popular platforms and websites.