Two Steps Ahead Campaign

Two Steps Ahead Logo

On the Internet, a password is like the key to your house - it keeps all of your things safe, from your streaming movies to your banking information. Usually, a username and password gives you access to your email, financial and health information, photos and videos, social networking sites and other accounts.

These accounts contain a tremendous amount of personal and financial information, so you don’t want that data falling into the wrong hands. According to the 2014 Identity Fraud Study by Javelin Strategy, account takeovers accounted for 28 percent of all identity fraud in 2013. That's why it's important to use all the security tools at your disposal to protect your account.

Passwords aren’t the best way to secure your accounts. Passwords have been stolen in large-scale data breaches, placing millions of people at risk of identity, data or financial theft.  And people don’t always follow the best practices when it comes to passwords, like having a separate password for each account and making passwords long, strong and unique. And sometimes, people don't choose strong passwords - so cybercriminals can guess them and gain access to their online accounts. If that password is reused, the bad guys have access to all of your accounts. 

Many people aren't protecting themselves online and don't always follow the best practices when it comes to passwords, like having a separate password for each account and making passwords long, strong, and unique. Some of the most popular passwords are "password1" or "123456."

In fact, according to a recent Pew Research Center Study, 21% of Internet users over the age of 18 have had an online account compromised. And if you use the same account (for example, your email) to manage other accounts, your risk of account hijacking or identity theft is increased.

The Solution

Online services like email, social networks and banking make it especially important to secure your accounts. Luckily, many of these sensitive online services give you the tools to protect yourself and your information online.

Email providers and financial services to social networks and blogging platforms are implementing new security features that can help their users add another layer of security to their accounts.  These technologies are often referred to as two-step authentication, login approvals, multi-factor authentication, etc. because they add a new layer of protection by adding a second element - in addition to a password - to protect your account.

These methods provide an extra layer of security. Most people only have one layer to protect their account. But combining something you know (your password) with something you have (your phone, a token, fob, etc.) makes your account even more secure by requiring the second element to log in.  Simply put, two-step authentication makes sure it's really logging in, not just someone who has your password.

What is Two-Factor Authentication?

Two-factor authentication (also referred to as two-step or multi-factor authentication or verification or 2FA) is an overly technical-sounding term for a simple solution.

It’s a security tool that uses multiple verification techniques to prove that the person attempting to log onto an account is really them.

Some of these methods include:

  • Something you know:  a password, code, passphrase or PIN
  • Something you have: a physical token, chip, fob, or phone

These methods provide an extra layer of security. Most people only have one layer – their password – to protect their account. But combining something you know (your password) with something you have (your phone, token, etc.), makes your account even more secure.

Why Should I Secure My Account?

Enabling these services adds an extra layer of protection to your accounts. You can also think of them as deadbolts to your online house. These features significantly improve the security of your accounts because they require something only you will know or have, like a personalized code or PIN and your phone.

Even if your password gets stolen, it will be more difficult for someone to access your account if you’ve enabled these services.

How Do I Enable?

There’s no universal method, but most web services that offer account protection beyond the password require the use of a phone, email account, physical device (token, chip, fob, etc.), texting service, your knowledge of a social networking account, etc.

Here’s how many services typically work:

  1. You enter a phone number or an alternate email. (This is a way for the online service to contact you when you want to access your account.)
  2. The service provider generates and sends you a verification code. This code is only good for one use - otherwise it would be just like a password!
  3. Once you receive the code, you enter it in, along with your username and password and gain access to your account. (This step can vary depending on the web service you're using.)

Two Steps Ahead: Protect Your Digital Life Tour

STOP. THINK. CONNECT. and other partners are hosting events throughout the country to educate people and small business owners about adding layers of security to their everyday online activities.  To learn more about the Two Steps Ahead: Protect Your Digital Life Tour, visit the Events page.

Resources

For more information about two-factor authentication, including step-by-step instructions for enabling the service on different platforms, visit the Resources page.