Two-Step Login: What Should I Know?

Confused by the jargon around two-step login? This article demystifies the terminology, explains its importance for security, and provides key insights for implementing it at work and in personal accounts.

How do you say it?

There are (too) many terms for this extra security:
Two-step login, Two-step verification, Two-factor authentication, Multi-factor authentication, MFA, and 2FA. They all mean roughly the same thing: provide extra security in addition to your password!

Why should you?

When you set up two-step verification, you add an extra layer of security to your apps and accounts. This means that cybercriminals can’t hack you with just your username and password. This is very important. Imagine if:

Someone takes over your Facebook or Instagram and spreads fake news or strange photos;
A cybercriminal takes over your WhatsApp account and asks your friends and family for money (fraudulent help requests);
Or a cybercriminal takes over your online banking app and withdraws money from your account.

Twice as safe in just two steps

Make sure the first step is also safe. This means that each account has a unique password of at least 12 characters.
With two-step verification for an account, an access code is sent to a trusted device or app to log in. For an app, you set a PIN or facial recognition.

Reference Notes:

You may already be aware of my collaboration with the Dutch government and their endorsement of my Information Security PubQuiz. If not, you can read about it here. Regrettably, the government education site that underpins part of my PubQuizzes is not available in English. Therefore, I’ve translated the articles from “veiliginternetten.nl” and “alertonline.nl” and you can read them on my site. The original source for this article, in Dutch, can be found here.