Imagine waking up on a beautiful summer day, opening your laptop and realizing that you can’t access your online accounts anymore. Your email has been breached, your website, your most precious work, is now gone, and your credit card was used for shady transactions.
If you’re not worried about the security of your accounts, you’re ignoring a serious threat that’s confirmed by a never-ending deluge of security breaches in today’s news.
Two-step authentication is one of the best ways to prevent unauthorized access to your accounts, even if somebody manages to steal your password.
What are two-step authentication factors?
The ways in which someone can be authenticated usually fall into three categories known as the factors of authentication, which include:
1. Knowledge factors — something the user knows, such as a password, PIN or shared secret.
2. Possession factors — something the user has, such as an ID card, security token or a smartphone.
3. Inherence factors, more commonly called biometrics — something the user is. These may be personal attributes mapped from physical characteristics, such as fingerprints, face and voice. They also include behavioral biometrics, such as keystroke dynamics, gait or speech patterns.
Systems with more demanding requirements for security may use location and time as fourth and fifth factors. For example, users may be required to authenticate from specific locations, or during specific time windows.
Two-step, or two-factor authentication protects your accounts by requiring you to provide an additional piece of information after you give your password to get into your account.
In the most common implementation, after correctly entering your password, an online service will send you a text message with a unique string of numbers that you’ll need to punch in to get access to your account.
Is Two-Factor Authentication Perfectly Secure?
While two-factor authentication does improve security — because the right to access no longer relies solely on the strength of a password — two-factor authentication schemes are only as secure as their weakest component.
For example, the account-recovery process itself can be used to defeat two-factor authentication, because it often resets a user’s current password and emails a temporary password to allow the user to log in again, bypassing the 2FA process. The business Gmail accounts of the chief executive of Cloudflare were hacked in this way.
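The recovery weakness described above can be seen in a small model. This is an added example, not code from any real service: the Account class, the function names and the enforce_2fa_after_recovery switch are all hypothetical, and the "texted" code is simply held in memory.

```python
import hmac
import secrets

class Account:
    """Constructed toy account; every name in this sketch is hypothetical."""
    def __init__(self, password):
        self.password = password
        self.is_temp = False        # True once recovery has issued a temp password
        self.pending_code = None    # one-time code "texted" to the owner's phone

def send_code(acct):
    # Stand-in for the SMS step; returned only so the demo can play the phone.
    acct.pending_code = f"{secrets.randbelow(10**6):06d}"
    return acct.pending_code

def recover(acct):
    """Reset the password and return the temporary one that would be emailed."""
    acct.password, acct.is_temp = secrets.token_urlsafe(12), True
    return acct.password

def login(acct, password, code, enforce_2fa_after_recovery):
    if not hmac.compare_digest(password, acct.password):
        return False
    if acct.is_temp and not enforce_2fa_after_recovery:
        return True                 # weak design: temp password alone is enough
    expected, acct.pending_code = acct.pending_code, None   # codes are single use
    if expected is None or code is None:
        return False
    return hmac.compare_digest(code, expected)

def mailbox_only_login(enforce):
    """Someone who can read the recovery email but does not hold the phone."""
    acct = Account("correct horse")
    emailed = recover(acct)
    send_code(acct)                 # the code goes to the owner's phone only
    return login(acct, emailed, None, enforce)

def owner_login(enforce):
    """The real owner: reads the email and receives the texted code."""
    acct = Account("correct horse")
    emailed = recover(acct)
    return login(acct, emailed, send_code(acct), enforce)

if __name__ == "__main__":
    print("weak recovery, mailbox only:    ", mailbox_only_login(False))  # True
    print("hardened recovery, mailbox only:", mailbox_only_login(True))   # False
    print("hardened recovery, owner:       ", owner_login(True))          # True
```

With the switch off, access to the mailbox alone is enough to open the account; with it on, the temporary password only replaces the knowledge factor and the possession factor is still required.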
Is it perfect? No. But it’s way better than just irrationally hoping nobody ever gets a hold of your password.