Two-Factor (or Multi-Factor) Authentication Explained

Think about how many websites let you reset your password simply by sending a link to your email. Now imagine what happens if you lose control of that email account because an attacker guessed or stole your password. At that point, they don’t just have your email — they can potentially reset passwords everywhere else you have an account. That’s why protecting your email account is critical, and the most effective way to do that today is with multi-factor authentication (MFA).

MFA works by requiring more than just a password. In addition to something you know (your password), it asks for something you have, such as a temporary code generated on your phone. Even if a criminal figures out your password, they still can’t log in without that second factor. It’s similar to needing both a key and a security badge to enter a building — one without the other isn’t enough.

I strongly recommend enabling MFA wherever it’s available. Banks and retirement accounts typically require it, and they should. Personally, I use MFA on roughly 50 sites through Google Authenticator, while others rely on Microsoft Authenticator or Symantec VIP Access (yes, I have three authenticator apps installed).

Is MFA annoying? Absolutely. It slows down the login process and requires checking a second app for a temporary code. But the tradeoff is peace of mind. MFA makes brute-force attacks — where software rapidly guesses passwords — far less effective. Take the time to learn how an authenticator app works. A small inconvenience for you creates a major obstacle for bad actors.
