Using 2FA can prevent someone who has already gotten your password from logging into your account.
Imagine waking up to find that your email or social media accounts have been broken into. What internal data, personal information or sensitive documents would be in the wrong hands?
With the technology available today, relying on passwords alone to protect your accounts can leave your information vulnerable. An attacker can obtain your password through:
Brute-force password guessing
- An attacker can simply guess common passwords against your account to try to log in, compromising passwords that you might have thought were unique, but that are commonly used by other people.
- A situation in which you have used the same password for multiple accounts; an attacker discovers this password in association with one account, and uses it to log into your other accounts.
- Attackers attempt to steal your information by leading you to a website that prompts you to enter your password. The site looks legitimate, but is actually controlled by the attacker.
- Attackers take control of your computer, then steal your passwords by observing your keystrokes or downloading them from your password manager.
- An attacker will trick you into giving your password to them through social interaction, like a phone call.
Using two-factor authentication (2FA) is a low cost, easy way to significantly reduce your risk of account compromise. Using 2FA requires you to use your password plus a temporary code (typically six digits long) sent to an app on your phone or a physical security key to log into your account. A hacker who has your password, but not the code or the security key, would not be able to log into your account.