Column: What is 2-step verification, and how do I use it?

By Ken Colburn, Data Doctors

PHOENIX — Question: What exactly is 2-factor authorization and how do I use it?

In my previous post, I outlined the steps everyone should take to protect themselves from password thieves, and that included using 2-factor authentication.

It should be fairly evident that Internet security breaches are a fact of digital life, so we all need to have a different mindset when it comes to our passwords: They are going to be compromised.

Anyone who uses a credit card has likely experienced fraud alerts and the process of getting a replacement card when a fraudulent transaction has been made. It’s not uncommon to have to replace your credit card once or twice a year these days, but we take it in stride and move on.

If you assume (and you should) that your passwords are going to be compromised, take some steps to protect yourself so you’ll know what to do when it happens.

Just as you have fraud alerts setup for your credit cards and bank accounts, you can do the same with just about every online service you use by activating 2- factor authentication.

Think of it as a double lock combined with an alert system when someone attempts to use your passwords.

The two factors are something you know (your username and password) and something you have (your phone) to prove that you are the rightful owner of an account.

Some online services refer to it as 2-step verification or multiple-step validation, but regardless of what they call it, it’s generally the same thing.

How to use 2-step validation

To activate the feature, enter the phone number of the device you want security codes sent to when logging in from unknown devices.

Once that’s in place, the first time you log into the account from your computer, smartphone or tablet, you will be asked for a special code that gets sent to your phone as a text message.

When you are using devices you own, you can tell the site to remember so you don’t have to go through the 2-step validation every time. If you use more than one browser on your computer, you’ll need to go through the process with each browser.

If you delete your cookies, you’ll be asked to type in the special code again.

Once it’s setup, even if hackers acquire your username and password, they won’t be able to access your account because they don’t have your phone in their hand.

The best part of using 2-factor authentication is that it automatically becomes a fraud alert system when someone has your username and password.

For example, if you get a text message out of the blue saying “here’s your access code,” you’ll know that someone has acquired your username and password and is trying to use them.

You’ll also know that they can’t get in without your phone, so you can simply change your password when you get home to prevent future issues.

Just about every major online e-mail service, social network, financial institution and retailer has begun to offer 2-factor authentication as a feature, but it’s up to you to set it up.

The exact steps for setting up each account will differ, so I’ve posted links to directions for the most popular services.

If you’re looking for directions for a site that’s not on the list, let me know.

Follow @WTOP and @WTOPtech on Twitter, and on the

Federal News Network Logo
Log in to your WTOP account for notifications and alerts customized for you.

Sign up