You see it all the time: Your friend, who normally posts updates about her kids, suddenly bombards her Facebook friends with spam about weight loss, or worse, offensive pictures and videos. Has your friend suddenly had a complete personality switch?
Most likely, that’s not the case; your friend’s account has been hacked and taken over by spammers who will stop at nothing to spread their malware — and cost you time and money. And it’s not just your social media accounts you need to be concerned about; your online bank accounts, store accounts, or any other account that requires a password is vulnerable to unauthorized access if you don’t take the necessary precautions.
While developing challenging passwords and safeguarding them, maintaining up-to-date virus protection and only working on secure connections can keep your accounts from being hacked, there is one more thing you can use to protect your data: two-factor authentication (2FA). Two-factor authentication adds a layer of protection, making it more difficult (or even impossible) for criminals to access your accounts.
2FA: The Basics
Two-factor authentication adds an extra layer of protection to your account. If you only have to enter a username and password to gain access, that is considered one-factor authentication; you only need to know the password.
Two-factor authentication requires that you provide something else in addition to the username in order to access the account. That something else can be something you have, such as a card, key or mobile device; something you know, such as the answer to a challenge question or a PIN; or something you are, such as the case when the account uses fingerprint or voice recognition in addition to a password. A common example of 2FA happens at the bank ATM: To get your cash, you must have both the card and the PIN. Without either of those, you can’t get in.
Most online accounts use the 2FA protocol of a username, password and something you know or have, since requiring something you are is largely impractical. If the requirement is something you have, it’s usually your phone, which is used to access the something you know. For example, a 2FA process may require you enter a specific code sent via text message each time you log in or change your password. Without your mobile device, you won’t have the code (the something you know) — and will be denied access to your account.
Securing Your Accounts
While your bank and other specific companies will often have their own 2FA protocols (most banks require you to answer a challenge question or enter a code, for example) to keep your information safe, you can also secure most of your social media accounts. Doing so will not only help protect you against identity theft, it will also keep out the criminals who want to spread malware that will harm your system.
To protect your Facebook account, log in to your account and go to the “account settings” tool. In that menu, choose “security,” and then “log-in approvals.” On that screen, you can direct Facebook to send you a unique code each time you try to log in from a new or unfamiliar browser. The code is automatically sent through Facebook’s mobile app (find it by tapping on the “more” menu and then “code generator”) but you can direct the site to send a text message as well in case you can’t access the app. You’ll only need to enter this code the first time you log in from a new browser, and it doesn’t protect mobile devices, but it offers another layer of protection if you log in from a public computer.
To protect Twitter, the process is similar. You’ll need to associate a cell phone number with your account, and then using the “Account Settings” menu, choose an option for verifying log-ins: Either you can enter a code sent via text or use the log-in verification process in the app itself.
Google and Microsoft also offer 2FA capabilities that can be accessed through your account settings and customized to your needs. In both cases, you’ll need to associate a mobile phone number with the account in order to receive text messages with security codes that will allow you to log in.
Employing 2FA to protect your accounts does take a little time and adds an extra step to the log-in process. But if you need file recovery software because your machine has been wiped out due to a hacker, you’ll probably agree that it’s a few extra seconds well spent.