Why to Set Up Two-Factor Authentication (“2FA”) Everywhere You Can – Here’s Where

2-factor authentication
Share the knowledge

Here is why you must set up two-factor authentication (also called 2-step verification, or simply “2FA”) wherever you can. Many places now offer it, including Facebook, Paypal, Twitter, and, of course, Gmail (Google). You may in fact remember the story of how Naoki Hiroshima lost their Twitter account, valued at $50,000, to a hacker. Basically the hacker managed to get into and redirect Hiroshima’s email domain, allowing the hacker to do password resets on some of Hiroshima’s accounts, and intercept the password reset emails. It’s very easy for someone to do a password reset on an account if they have the email address, however with 2-factor authentication is becomes a lot harder.

[Read Naoki Hiroshima’s “How I lost my $50,000 Twitter username”]

The Naoki’s case, the hacker first tried hacking into Hiroshima’s Paypal account, which didn’t work, because they were stymied by Paypal’s two-factor authentication. (Unfortunately, the hacker then simply called Paypal, and through some social engineering got a Paypal employee to give the the last four digits of Hiroshima’s credit card on file, which in turn the hacker used to convince GoDaddy that they were Hiroshima.)

Anyway, all of this serves to highlight this: You should have two-factor authentication set up with every account that offers it. And, if you are using a service that doesn’t offer it, you should request that they do. Maybe even threaten to switch to another, similar service that offers it – in fact, maybe actually switch to another service that offers it.

(Two-factor authentication is basically having two passwords, the second one of which is randomly generated, and is good for only a few minutes, and is delivered to you through a device, an app, or an SMS text message.)

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

Whenever possible you should set it up as an SMS text message direct to your mobile phone.

Twitter SMS verification

Here’s why: Some places (such as Paypal) offer you a separate device with which to generate a special one-time code, like a keyfob or credit-card sized “security key”. Other places, such as Google, offer you a standalone app that will generate a special one-time code for you. But (nearly) all places offer the option of having the random code for your 2-factor authentication delivered to you by SMS text message.

Paypal’s Security Key Options
paypal two-factor authentication

Now. Imagine you use the security key offered by Paypal. And imagine that you lose your wallet in which you keep the security key. Suddenly you are locked out of your Paypal account.

Similarly, imagine that you use the Google authentication app on your phone. And you lose your phone. Even if your phone doesn’t fall into the wrong hands, you have no way of accessing your Google account, because you can’t get the code from the app.

But, if you instead have set up all of your two-factor authentications to come to your cell phone as text messages, and if you lose your phone, it’s a simple matter of having your phone carrier (i.e. AT&T, Verizon, T-Mobile, etc.) turn off the SIM card in your lost phone, and reactivate it in a replacement phone. You will have the same phone number, and your two-factor authentication texts will still come right to you.

All that said, here is a list of the more popular services and social media of which we are aware that offer 2-factor authentication. To the best of our knowledge, they all also offer the code-by-SMS-text-message option, unless otherwise noted. If you run into any that don’t, or if you know of other services that offer 2-factor authentication, please feel free to add them in a comment!

Google 2-step verification

Facebook two-step authentication (called “login approvals”)

Twitter two-step authentication.

Paypal two-step authentication (called “security key”)

LinkedIn two-step verification

GoDaddy two-factor authentication

Yahoo two-factor authentication

Microsoft/Live two-factor authentication

Apple two-step authentication

WordPress.com two-factor authentication

Amazon Web Services (AWS) two-factor authentication

Dropbox two-factor authentication

Evernote two-factor authentication

Lastpass – unfortunately Lastpass doesn’t offer an SMS option, you have to use the Google authenticator app.

For a more comprehensive list of websites and services that offer two-factor authentication, incuding financial services such as CitiBank, Bank of America, and Charles Schwab, see Evan Hahn’s Two-Factor Auth List.

For a list of domain registrars that offer two-factor authentication, see Elliot Silver’s List of Domain Registrars that Offer Two-Factor Authentication over at DomainInvesting.com.

Get New Internet Patrol Articles by Email!

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

 


Share the knowledge

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.