Skip to content

Why you need to use two-factor authentication

Two-factor authentication (2FA) is essential for anyone that wishes to protect their business and systems from unauthorised access and data breaches. Even if your password is known or can be guessed, access to your account will not be possible without a secret code that is only available to you. According to Microsoft, “MFA can block over 99.9 percent of account compromise attacks.”

Two-factor authentication (2FA) is also known as multi-factor authentication (MFA) and 2-step verification (2SV).

What is two-factor authentication (2FA)?

2FA provides an additional layer of security when logging in to your accounts. Along with your username and password, you will also enter a unique one-time code or confirm the login request on your phone. When you log in to an account, the code is sent to your phone by text or authentication app (such as Google Authenticator or Microsoft Authenticator). This checks that it is actually you signing in.

Why you should use two-factor authentication

2FA is the simplest, most straightforward way to stop your account from getting hacked. When someone knows a password, they can get into your accounts and lock you out by changing the password and setting up 2FA on their own device. They can also delete your account, steal your personal information, impersonate you, and attempt to scam your contacts or customers. With 2FA enabled, a hacker would need to steal your password and your device to be able to break into your accounts.

Always set up 2FA with an authentication app if available

Receiving authentication codes via an app on your smart device is more secure than receiving them via text message. This is because it is much more difficult for someone to intercept a code sent to an app because they would need physical access to your device (as well as your phone passcode to unlock your screen). Additionally, SMS messages can be intercepted and you will only receive them if you have a mobile phone signal. You can also back up some apps to the cloud which is useful when you change phones (e.g, if yours is lost, broken or upgraded). There are many authentication apps to choose from, including Google Authenticator, Microsoft Authenticator, and Authy.

Don’t want to use an app?

Receiving authentication codes via text message is much better than having no 2FA. So, if this is your only option, set up 2FA with your mobile number. Do what is easiest for you now, and improve in future.

How to check if 2FA is available

You can usually see if 2FA is available for an account by signing in and locating your account settings. There might be a privacy and security, account settings, or login and security section. Look out for “two-factor authentication”, “2FA” “multi-factor authentication”, “MFA”, “two-step verification” and “2SV”. You can also search the 2FA directory to see if 2FA is available for a particular service or website. This site includes the methods that can be used to receive authentication codes, e.g. SMS, phone call, email, and app.

Make a note of recovery codes

Remember to always make a note of backup recovery codes when setting up 2FA. These are used to access your account if you ever lose or damage the device you receive the 2FA codes on. If you do not have these you may not be able to get back into your account, so keep them somewhere safe.

What to do when 2FA isn’t available

Now that you understand how vital 2FA is, you might wonder why it isn’t available for all your accounts… Unfortunately, some companies are still playing catch-up when it comes to security. If 2FA isn’t available for an account of yours, we recommend setting a strong password that can’t be guessed and isn’t used elsewhere. Check out our How to create strong passwords – 3 simple steps blog post.

Sounds like a lot of effort…

I’ll admit, it does require a bit of focus, so set aside 20 minutes at a time, and approach them in priority order: the accounts that have access to your sensitive personal data and company confidential information, and accounts where you’d experience the biggest impact if they were breached or compromised. To help with this, I’ve created Sassy Security’s recommended list of the top 10 accounts to protect in priority order for online business owners.

The time and effort it takes to set up and use 2FA for your accounts pales in comparison to the hassle of getting hacked. This will save you from experiencing the devastation of losing an account, customers and partners, potential identity theft, and time wasted recovering from hacked accounts, plus the brand reputational damage that breaches can have on business owners.

Need help?

If you’d like support setting up 2FA for your accounts, take a look at how we can help you – Level Up Your Logins.



Make sure you’re focusing on the most important accounts… to protect your passion, your business and income.