12 days of two-factor authentication: this Xmas, give yourself the gift of opsec

The Electronic Frontier Foundation has launched a new series, 12 Days of 2FA, in which every installment explains how to turn on two-factor authentication for a range of online services and platforms.


2FA, in which your phone number, an app, or even a printout serves as a critical backstop for your account, is one of the very best ways to avoid having your accounts hacked, which can cost you money, privacy and safety. However, almost none of the major services call their two-factor auth service "two-factor auth" (they use cutesy names like "Safepass," or generic ones like "login verification"), making it really hard to figure out how to activate it for the services you depend on. That's where 12 Days of 2FA comes in — a one-stop guide for all the services you rely on.


Any action that requires authentication—from unlocking your car with a key to signing into your email with a password—involves something that you know (like a password or a PIN), something that you have (like a key or cell phone), or something that you are (like your fingerprint or voice). Generally, combining these types of authentication–that is, using two-factor (or multi-factor) authentication–translates into tighter security.

You have probably encountered 2FA already. An ATM, for example, requires both your card (something you have) and your PIN (something you know). Another example: when you log into Facebook from a new device or new location, you may have to jump through some extra hoops beyond entering your password, like identifying pictures of friends on Facebook. These extra layers of authentication protect your account in case one authentication factor is stolen or compromised.

The 12 Days of 2FA: How to Enable Two-Factor Authentication For Your Online Accounts

[Gennie Gebhart/EFF]