
The easy trick that helps make your accounts more secure

Many online accounts and services now offer two-factor authentication (2FA). If you see a message about setting up 2FA, it’s an offer you shouldn’t refuse, even after you’ve strengthened your passwords (see this article about making passwords stronger).

Put simply, 2FA means that in addition to entering your password, a second verification is required for you to log in. You will usually be sent a code by text or email, which you’ll have to manually enter on the site. So even if someone has your stolen password, they can’t get into your account without that code.

Is the minor extra work involved with 2FA worth it? Yes, according to Sandor Palfy, CTO of Identity & Access Management at LogMeIn, which makes a password manager called LastPass. “2FA protects user credentials from password guessing software, eliminates the collateral damage from successful phishing attempts, and adds protection for consumers.”1

One more point about 2FA: If given the choice, use an authentication app to get the code. It sounds complicated, but it’s just an app that sits on your phone and generates the 2FA code that would otherwise be texted or emailed. This reduces the possibility of hackers intercepting a text or email on its way to you.

Finally, make sure you take advantage of any notifications or alerts for your important accounts, like banks, credit cards and email. These alerts, often delivered by text message, can include things like suspicious activity on your account or a login from a new device. Nipping any suspicious activity early can seriously limit the damage done.


How Your Password Gets Stolen

You get a scam email, text or call. Called phishing, smishing or vishing, this is the classic email, voice call or text message asking you to reveal personal or financial information. But it won’t be obvious—crooks are really good at making the request seem urgent and legitimate.

What you should do: Never give out personal information by email, voice or text. If the appeal does seem real, get in touch with the company directly using contact information from the back of your credit card, or go to the website yourself instead of clicking the link in the email.

Your data gets hacked at a company. You read in the news or hear directly from the company that a large database of IDs and passwords has been stolen.

What you should do: Immediately change the password for your account with that company. If you’ve been using the same or similar passwords for other sites, change those as well.

Your laptop or phone is stolen. The thief may check your browser history to find your bank and credit card sites, then scour the rest of your computer for clues to your passwords, like pet names and birthdays.

What you should do: First, set up your computer and phone so each requires a password or fingerprint login to turn back on if they’ve gone into sleep mode. Don’t store passwords in a document on your computer. And be sure to turn off auto-fill on your password manager and browser.

1 Sandor Palfy, Email interview, 5-1-18.
