With the world becoming increasingly digital, online accounts have been a prime target of scammers and fraudsters attempting to steal people’s personal information. In 2021, the Federal Trade Commission received fraud reports from more than 2.8 million people, with $5.8 billion lost. The two most commonly reported categories were imposter scams and online shopping scams. While passwords are the first line of defense in protecting personal information and preventing online fraud, they are a fragile defense. People can be lulled into a false sense of security by thinking their long, complex, hard-to-guess passwords are enough to keep them safe online. If an online retailer or service improperly stores passwords and has their server breached, the fraudster has access to everyone’s passwords. The second and much stronger line of defense for accounts is two-factor authentication. 

What is two-factor authentication? 

Also known as multi-factor authentication, this is an extra security step in the process of logging into an account. As usual, people enter either their username or email address, followed by their password. However, instead of being granted access to their account after successfully entering the password, the user needs to confirm their identity via another specified method. For example, the institution sends a text message or an email with a one-time code that the user must enter to complete the login process. Other two-factor authentication methods include biometric information, such as fingerprint or facial recognition scanning. 

Authentication apps are also growing in popularity. These apps generate short codes that change on a regular basis. If someone uses the app for two-factor authentication, they’ll need to copy the code from the app in order to log in. This makes gaining access to accounts much, much more difficult for fraudsters. Even if a fraudster is able to get their hands on a password, they still couldn’t access the account without the user’s personal device. With facial recognition or fingerprint scanning, they couldn’t access the account even with the password and device. 

Where should people use two-factor authentication? 

Financial institutions: Credit unions, banks, and credit card companies have made significant investment in fraud detection programs. Even so, if two-factor authentication is available, use it to ensure that your finances are protected. 

Email accounts: A fraudster can create a lot of trouble by gaining access to an email account. Emails are a standard method of sending password reset links and are often used to confirm identity during a login process. Prioritize protecting email with two-factor authentication. 

Social media.  A fraudster who gains access to a social media account gains personal information on both the user and the user’s friends and family. That information can be used to steal identities. Nearly every social media platform supports and encourages two-factor authentication. 

Online retailers. When using a debit card, credit card, or financial institution account information to make purchases on any online retailer’s website, safeguard the login process with two-factor authentication. A fraudster who gains access to the username and password can run up charges, ship items wherever they want, and even copy the information to make purchases or open up lines of credit elsewhere. 

For maximum protection, use two-factor authentication everywhere that it’s an option. While no security method is entirely foolproof, two-factor authentication makes it much more difficult for fraudsters to steal personal information or access accounts.