Enabling 2-Step Verification (2SV)

Two-step verification can add additional security to your password

A good password will only protect against certain types of hacker - add Two Step Verification to make your accounts really secure.

No matter how strong your password is, it won't matter if it's stolen from a website or by a virus. Two Step Verification exists for this reason by giving an extra hurdle for hackers to overcome.

Jump straight to topic:

What is Two-Step Verification (2SV)?

Two-Step Verification (or 2SV for short) is a secondary check - in addition to your password - that's used to verify you are who you claim you are.

An RSA token providing a two factor authentication code

You might also see the term Two Factor Authentication (2FA) used as well. Whilst this is technically different to 2SV, both concepts are similar in that they involve an extra step to just a password. So whether a website calls it 2FA or 2SV it doesn't really matter - it's a great way to improve our security!

The secondary check used can vary but often involves having to type in a single-use code in addition to your regular password. This code could be sent as a text message, it could be generated by an app on your phone, or it could be displayed on a small device given to you in advance (banks often do this).

This works because any hacker would now have to find out this code in addition to your password, something that is much more difficult to pull off.

Two Step Verification is not a substitute for having a strong password - for the best protection on your accounts you need to use both.

When is it used?

Two Step Verification checks are often used when a website perceives an increased security risk, for example if you're logging in from a different computer to normal (Facebook use Two Factor Authentication for this purpose), or when you try changing your delivery address on a shopping website. Some sites (banks for example) might even ask for this security code every time you login.

It’s worth enabling 2SV or 2FA on your accounts when a website offers it - if your password were ever to be stolen then this extra security can still keep the attackers out.

What else do I need to know?

There are several ways you can get 2SV/2FA codes for logging into your accounts:

  • Sent as a text message;
  • From a special app on your phone (such as Google Authenticator);
  • Displayed on a little physical device.

There are other methods too but these are the main ones.

Not all methods are as secure as each other....

In the last few years some criminals have learnt how to intercept codes sent by text message, and have used this against some companies, such as the Metro Bank in the UK and Reddit.

Intercepting these messages still takes skill & determination and is extremely rare, but if you are looking for the best security (for your bank account, for example) then you should opt for using an authenticator app or code-generating device if you can - and not text message.

2FA or 2SV codes generated on a phone app or physical device are far more secure than those sent as a text message.

That said, you shouldn't avoid using 2SV / 2FA just because of this. Enhancing your account security with 2SV/2FA codes sent by text is still far more secure than not doing this at all!

How do I set 2SV / 2FA up?

To set up Two Step Verification on the websites you use check their own help pages:

If your favourite site isn’t listed here then try searching on their website for "2 factor", "login approvals", or "account verification". You can also check on the website TwoFactorAuth.org.

When setting up 2FA/2SV be sure to get & safely store any recovery codes (the website should tell you about this), just in case you ever lose your phone or code-generating device!

Have any feedback on this page? Let us know - [email protected]