What is Two-Step Verification?
Two-Step Verification (or 2SV for short) is a secondary check - in addition to your password - that's used to verify you are who you claim you are.
You might also see the term Two Factor Authentication (2FA) used as well. Whilst this is technically different to 2SV, both concepts are similar in that they involve an extra step to just a password. So whether a website calls it 2FA or 2SV it doesn't really matter - it's a great way to help improve our security!
The secondary check used can vary but often involves having to type in a single-use code in addition to your password. This code could be generated by an app on your phone, it could be sent as a text or voice message, or it could be displayed on a small device given to you in advance (banks often do this).
This works because any hacker would now have to find out this code in addition to your password, something that is much more difficult to pull off.
Two Step Verification is not a substitute for having a strong password - for the best protection on your accounts you need to use both.
When is it used?
Two Step Verification checks are often used when a website perceives an increased security risk, for example if you're logging in from a different computer to normal, or when you try changing your delivery address on a shopping website. Some sites (banks for example) might even ask for this security code every single time you login.
It’s worth enabling 2SV/2FA on your accounts when a website offers it - if your password were ever to be stolen then this extra security can still keep the attackers out.
What else do I need to know?
There are several ways you can get 2SV/2FA codes for logging into your accounts:
- Sent as a text message;
- From a special app on your phone (such as Google Authenticator);
- Displayed on a little physical device.
There are other methods too but these are the main ones.
Not all methods are as secure as each other....
Intercepting these messages still takes skill & determination and is extremely rare, but if you are looking for the best security (for your bank account, for example) then you should opt for using an authenticator app or code-generating device if you can - and not text message.
That said, you shouldn't avoid using 2SV / 2FA just because of this! Enhancing your account security with 2SV/2FA codes sent by text is still *FAR* more secure than not doing this at all!
How do I set it up?
To set up Two Step Verification on the websites you use check their own help pages:
If your favourite site isn’t listed here then try searching on their website for "2 factor", "login approvals", or "account verification". You can also check on the website TwoFactorAuth.org.
When setting up 2FA/2SV be sure to get & safely store any recovery codes (the website should tell you about this), just in case you ever lose your phone or code-generating device!