Two-factor authentication can be a pain, but it absolutely makes your accounts more secure. Two-factor authentication means you need to pass another layer of authentication, not just a username and password, to get into your accounts.

If the data or personal information in an account is sensitive or valuable, and the account offers two-factor authentication, you should enable it.

Two-factor authentication verifies your identity using at least two different forms of authentication: something you are, something you have, or something you know.

Something you know is the password, naturally. Something you are could mean authentication using a fingerprint, or facial recognition. Something you have could be your mobile phone. You might be asked to enter a code sent via text, or tap a confirmation button on a mobile app.

Something you have could also be a physical Security Key; Google and Microsoft have announced a push toward this kind of authentication. If you just use a password for authentication, anyone who learns that password owns your account.

With two-factor authentication enabled, the password alone is useless. Most password managers support two-factor, though some only require it when they detect a connection from a new device. Enabling two-factor authentication for your password manager is a must.

Our feature on who has two-factor authentication and how to set it up can help you get started.

Think of all the personal data and connections on your smartphone. Going without a passcode lock is unthinkable. Many smartphones offer a four-digit PIN by default. Use biometric authentication when available, and set a strong passcode, not a stupid four-digit PIN. Remember, even when you use Touch ID or equivalent, you can still authenticate with the passcode, so it needs to be strong.

Modern iOS devices offer a six-digit option; ignore it. Enter your old passcode, if needed. On the screen to enter the new code, choose Custom Alphanumeric Code. Enter a strong password, then record it as a secure note in your password manager.



