Why Two-Factor Authentication is Essential for Phishing Prevention

Phishing is very common thing that you might encounter on the daily. That is why, there is a slight chance that you might become a victim one day. So, you need to use two-factor authentication to prevent the hackers from getting access into your account.

Phishing Email 2

What is Two-Factor Authentication?

The two-factor authentication also known as 2FA is actually a method that you can use to strengthen your account security by adding a second factor when you are login into the account besides your password. 

The second factor itself is an information which usually in the form of temporary code which delivered into your device using various means. Sometimes this method is also called as multi-factor authentication also known as MFA. 

A lot of providers already have 2FA option to secure the user’s account since it is also one of the requirements needed by many cybersecurity laws especially when the service has something to do with personal information.

Why You Should Enable 2FA?

By enabling 2FA you will be able to mitigate threat that coming from unlawful access. Even though it is not 100% yet but it still able to add another security laver to your account. So, hackers will be more difficult in accessing your account and steal your personal information.

Furthermore, in case of large-scale account breaches that happen to a website where your account information including the password are sold online, having 2FA can help to protect your account. So, even if the hackers already have your password, they would not be able to login into your account without the 2FA code. 

One thing that you need to be careful of is phishing which is a form of social engineering where the hackers will send you email to get your account credentials. In the email they will include a link and when you click the link it can install a malware application into your device or direct you to a fake login page. 

Then when you enter your login credential into the page the hackers will be able to use that information to login into your account in the legit website. That is why, you need to be careful to not click on any link on the email that you receive. Activating 2FA can also help you just in case you accidentally input your login credentials into a fake website.

Read More Spotting and Reporting Phishing Emails

Different Types of Authentication System That You Can Use

There are a few systems that you can use to activate the two-factor authentication for your account. Most service provider support these systems but some of these systems might not available. So, you need to choose which system that you can use in the service. Here are some of the options that you can activate:


This system is the oldest type that you can use to activate the two-factor authentication. That is why, most service provider also support this system since it is the easiest type to use.

To you use this system then you need to input your phone number into the 2FA settings in your service provider website. Then you will receive a code that you can only use once every time you login into your account. 

The benefit of this type is most people these days have phone that support SMS so most people can use it. However, it is important to note that sometimes SMS cost might apply to you if you receive the SMS. 

Another thing that you need to remember is that you can only use this system if you are connected to your phone network. So, if you are not in the service area for example when you are abroad then you might not receive the SMS.

This method is also not the most secure since hackers actually able to convince your service provider to redirect the SMS that you receive to other SIM card. So, only use this method if you really cannot use other system.

Authentication app

This method is done by using an authentication app that you can download on your phone. There are various applications that you can use such as Duo Mobile, Authy, Google Authenticator, Microsoft authenticator, and many others.

To use this system, you need to link your authentication app with your account on the service provider website. Once they are connected you will be asked to enter a code from your authenticator application when you want to login into the account.

The code on the authenticator application changes every minute and they are randomly generated so they are more secure. The best thing is you do not need to use your phone network for this method so you can access the application anytime you want. However, hackers can still phish the code from you so you still need to be careful.

Security key

This method is the most secure method that you can use to activate two-factor authentication. The security key itself is a physical key in the form of USB that you can plug into your device to login into your account. 

So, when you login into your account you will be asked to tap the key physically to authenticate it. The browser that you use will prompt your account while authenticating the domain of the website that you want to access. That is why, this method is not phishable since you will know if you login to a real website or not when using the security key. Furthermore, there is no code to enter to the website when you login so this method cannot be transferred by the hackers to login into the legit website. 

However, not all service provider supports this method yet so you might not be able to use them to secure all of your account. But the system has become a standard that continued to be adapted by large service provider. 

Another thing to not is you also need to bring the physical key everywhere if you want to login into your account. Since the key is physical you might also have a chance of losing the key. So, it is another problem that you need to think about.

Setting Up Two-Factor Authentication on Popular Websites

  • Amazon
    On your account setting to the “login & list” then scroll down until you can see 2-step verification. Then click edit which will prompt you to enter password. Then you can continue by clicking the get started. 
    There will be a wizard that will guide to on step-by-step process to connect your account to your authenticator app. You can also insert your phone number as the second 2FA method. 
  • Apple
    You can activate 2FA on the Apply ID using your phone or website. You can go to the setting then to your name and then go to “password & security” from the menu you can select to turn on 2FA and just follow the step-by-step process to activate it. Later you will receive the verification code using the apple system itself so you do not need to use any authentication application. 
    On newer apple device you can also use security keys but you will be asked to use at minimum 2 keys to activate the feature. Another thing that you need to remember is the 2FA on Apple cannot be turn off. You also need to have phone number to be able to activate the feature. 
  • Dropbox
    Go to your profile then click the setting to find security tab. Then you need to go to “two-step verification” with a toggle which you can turn on to activate the two-factor authentication feature. Click on the get started and just follow the step-by-step process to activate it.
  • Facebook
    Go to the “settings & privacy” then go to setting then go to “security and login” next you can find a heading where you can set up 2FA. Next you can click setup and just follow the step-by-step process to activate it
  • Google
    Google will let you turn on 2FA to be used on all of their service so it is important for you to activate it. Go to your account page then click the security then go to 2-step verification then just follow the step-by-step process to activate it.
    You will be able to use SMS, authenticator application, security key, backup codes and also the native 2FA system that Google own. It is recommended to also use second method as backup to secure it.
  • Instagram
    Go to your settings then select the security. From there go to two-factor authentication. You can click on the get started and just follow the step-by-step process to activate it.
  • Microsoft
    Go to the Microsoft account then go to security menu where you can see “two-step verification” or sometimes you need to go to additional security to find it. Next you can click setup and just follow the step-by-step process to activate it.


As you can see, activating two-factor authentication is very important since it can help to secure your account. It will also protect you from phishing attack by adding another protection layer. That is why, you need to always setting up 2FA to all of the account that you own.

Tags: two-factor authentication, two-factor authentication set up, two-factor authentication application, two-factor authentication benefit, two-factor authentication advantages,