by Bill Snyder

Two-factor authentication, and how it protects your passwords

Opinion
Feb 16, 2016

If you're not already using two-factor authentication to secure your passwords, you're putting sensitive personal information at unnecessary risk. Here's how two-factor auth works, along with a tool to help you get started with the tech.

Passwords are problematic. They can be forgotten or hacked, and they’re sometimes so simple that anyone could guess them. However, passwords are also a fact of digital life. Password managers help keep track of all your logins, but the services that hold your master password can themselves be hacked, and then you’re really in trouble.

Fortunately, a relatively simple way exists to add another layer of protection: two-factor authentication. It’s an extra step beyond the password, and today an increasing number of sites and online institutions support the technology. 

How two-factor authentication works

Say you want to use two-factor authentication to log in to your bank account. After you enable the service, you type your password into an app or browser and then receive a randomly generated code via text message. After you enter your password and the one-time code, you get access to your banking details. Of course, you have to have your phone with you to take advantage of the safeguard, unless you already authorized a “recognized” device. And if you lose your phone or the power runs out, you could be locked out of sites that use two-factor authentication.

Other forms of two-factor authentication also exist, and some involve a physical access device such as a key fob, but the text message is the most common and the simplest method.
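
The text-message login flow described above, sketched from the service's side as an added example (it is not code from this article or from any site it names). The class name, the five-minute validity window and the three-guess limit are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumed validity window for a texted code
MAX_ATTEMPTS = 3        # assumed number of guesses allowed per code


def hash_password(password, salt):
    # Store a slow salted hash of the password, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class TwoFactorLogin:
    """Hypothetical server-side model: password first, texted code second."""

    def __init__(self, password):
        self.salt = secrets.token_bytes(16)
        self.password_hash = hash_password(password, self.salt)
        self.pending = None  # (code, expires_at, attempts_left)

    def start(self, password, now=None):
        """Factor 1: check the password; on success return the code to text."""
        now = time.time() if now is None else now
        supplied = hash_password(password, self.salt)
        if not hmac.compare_digest(supplied, self.password_hash):
            return None
        code = f"{secrets.randbelow(10**6):06d}"  # unpredictable 6 digits
        self.pending = (code, now + CODE_TTL_SECONDS, MAX_ATTEMPTS)
        return code  # a real service would hand this to its SMS provider

    def finish(self, code, now=None):
        """Factor 2: accept the code once, before expiry, within the limit."""
        now = time.time() if now is None else now
        if self.pending is None:
            return False
        expected, expires_at, attempts_left = self.pending
        if now > expires_at or attempts_left <= 0:
            self.pending = None  # expired or guessed too often: start over
            return False
        if hmac.compare_digest(code.encode(), expected.encode()):
            self.pending = None  # one-time: a used code cannot be replayed
            return True
        self.pending = (expected, expires_at, attempts_left - 1)
        return False
```

A stolen password alone gets no further than `start`; the code it triggers goes to the account holder's phone, expires quickly and works only once.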

Not surprisingly, there are different ways to set up two-factor authentication, and some can be a bit confusing. However, I recently came across a tool that makes setting up the extra protection much easier. TeleSign, a mobile security company, operates a website that’s basically a library of instructions for how to turn on two-factor authentication for a number of popular sites.

It includes more than 200 websites, and the company says it regularly adds more. Today TurnOn2FA.com includes tutorials on about a dozen financial services companies, including Bank of America, Wells Fargo, and PayPal. It also has information on how to set up two-factor authentication for Facebook, Google, Apple, Amazon and Yahoo, among other popular consumer sites.

Getting started with two-factor authentication

Here’s how TurnOn2FA.com works. I use a password manager called LastPass that supports two-factor authentication. If you go to TurnOn2FA.com, you see a search box that asks you to enter the name of the site you want to learn about. Typing in “LastPass” and then clicking through the prompts takes you to a series of step-by-step instructions on how to add the extra security safeguard to a LastPass account.

You probably have passwords for many different sites, and setting up two-factor authentication on all of them could be a lot of work. TeleSign Senior Vice President Brian Czarny says you should “start with the ones that are the most valuable to a fraudster, like your bank account or email account.” That’s good advice, and you can always add two-factor authentication to additional sites or accounts in the future.

Of course, even the most secure passwords can be hacked. If a company you do business with suffers a breach, something you have no control over, your password can be exposed to bad guys. Setting up and using two-factor authentication can take some time, but it’s well worth the effort, money and frustration it could potentially save you in the future if your passwords are somehow exposed.