The Pros and Cons of Two-Step Verification

Two-step verification (2FA) is a way to protect yourself from hackers and identity theft. It sounds complicated, but it's actually quite simple.

You may have seen security professionals on the news suggest two-step verification (2FA) as a way to protect yourself from hackers and identity theft. It sounds like something that only a tech-savvy person would understand, but it’s actually really simple. Here’s what you need to know.

What is Two-Step Verification?

Two-step verification simply adds another step to your logins. In addition to logging in with your password, you also may need to enter a code sent to your phone or email. Three types of backup information can be used as a second verification method: something you have (your phone or email address, for example), something you know (like a security question) or something you are (like facial recognition or your fingerprint).

How to Set Up Two-Step Verification

Most apps and major websites, including bank and social media sites, offer two-factor verification. It needs to be activated on each site and app, and the setup can be different for each one. You can find 2FA setup details in the help section on each site or app. In the search bar, type “two-step verification” to find the steps.

Your phone and computers can also be set up with 2FA. Go to your devices’ settings, then look in the security options to find the two-factor details.

The Pros and Cons of Two-Step Verification

Adding 2FA to your accounts is smart. If your password or other login method is compromised, it gives you another layer of protection to keep someone with bad intentions out of your account.

The only real drawback of 2FA is time. It takes time to set up and extra time to login. Also, one of the most common forms of backup — a code sent as a text message — isn’t as secure as it should be. Hackers can steal your phone number and redirect codes so that they can access your accounts.

One way to make your accounts more secure through 2FA is by using an authenticator app like Google Authenticator (free on Android and iOS), Authy, 1Password or LastPass. These apps will sync with whatever you are trying to log in to, then give you a randomly-generated six-digit code you must enter to log in. You have 30 seconds to enter the code or it changes to a fresh code. This constant refreshing of the code makes it practically impossible for hackers to gain access to your accounts. Of course, if your phone is stolen, someone could still get access to your accounts through the app.

Although it can be time consuming to set up and it isn’t perfect, two-step verification is a good defense against identity and account theft. If you do nothing else, be sure to set up two-step authentication on your bank and social media accounts.

Alina Bradford
Alina Bradford is a technology and internet safety and security expert for and has contributed her insights to dozens of national publications, both in print and online. Her goal is to make gadgets less mystifying, one article at a time.