Two-Factor authentication (2FA), sometimes called Multi-Factor Authentication, is a free security feature that gives you an extra layer of protection for your user accounts. 2FA significantly reduces the risk of being hacked by asking you to provide a second factor of information, such as getting a code via text message, or from an authenticator app, that you need to input when you log in. The NI Cyber Security Centre cannot recommend using 2FA highly enough as a simple ‘quick win’ to better secure your user accounts.
Why use 2FA?
No matter how strong your passwords are, they can only provide so much protection to your user accounts. Passwords could be stolen from you’re the online service that you use or from your phone, tablet or laptop. Or you could get tricked into revealing them through a phishing email for example.
Accounts that have been set up to use 2FA will require an extra check. Even if a criminal knows your password, they won't be able to access your user account because they won’t have this second level of authentication available to them to log into your account.
Most 2FA systems recognise what device you are using and most online services let you control which devices are permitted to access your account. If a devices attempts to access your account which has not been used by you before you will normally receive a notification. It also means you won’t have to go through the 2FA verification process every time you use an app or service with 2FA enabled.
How do I set up 2FA?
Here are some handy links to enable 2FA for some of the most popular services:
- Turn on 2FA for email
- Turn on 2FA for social media
You should enable 2FA for all services which offer it. More information on 2FA and how to set it up for popular services can be found on the NCSC’s Two Factor Authentication article.
When 2FA is not available for an account or service it is even more important to ensure that a strong password is used. You may even want to consider changing to a service provider that does offer 2FA.