Protecting Accounts With Two-Factor Authentication

(by Jake Holmes with the Maine Credit Union League) With the world becoming increasingly digital, online accounts have been a prime target of scammers and fraudsters attempting to steal people’s personal information. In 2021, the Federal Trade Commission received fraud reports from more than 2.8 million people, with $5.8 billion lost. The two most commonly reported categories were imposter scams and online shopping scams. While passwords are the first line of defense in protecting personal information and preventing online fraud, they are a fragile defense. People can be lulled into a false sense of security by thinking their long, complex, hard-to-guess passwords are enough to keep them safe online. If an online retailer or service improperly stores passwords and has their server breached, the fraudster has access to all user passwords. The second and much stronger line of defense for accounts is two-factor authentication.

What is two-factor authentication?
Also known as multi-factor authentication, it is an extra security step in the process of logging into an account. As usual, people enter either their username or email address––followed by their password. However, instead of being granted access to their account after successfully entering the password, the user needs to confirm their identity via another specified method. For example, the user may receive a text message or an email with a one-time code that must be entered in order to complete the login process. Other two-factor authentication methods include biometric information, such as fingerprint or facial recognition scanning.

Also, growing in popularity are authentication apps. The apps generate short codes that change on a regular basis. If the app is someone’s method of two-factor authentication, they’ll need to copy the code from the app in order to log in. This makes it much, much more difficult for fraudsters to gain access to accounts. Even if a fraudster was able to get their hands on someone’s password, they still wouldn’t be able to access their account without the user’s personal device. With facial recognition or fingerprint scanning, they still wouldn’t be able to access the account even if they had the password and device.

Where should people use two-factor authentication?

1. Financial Institutions – Credit unions, banks, and credit card companies have made significant investments in fraud detection programs. Even so, if two-factor authentication is available, people should be using it to ensure their finances are protected.
2. Email Accounts – If a fraudster gains access to someone’s email, they can create a lot of trouble. Email accounts are a standard method of sending password reset links and are often used to confirm identity during a login process. People should prioritize protecting their email with two-factor authentication.
3. Social Media – If a fraudster gains access to someone’s social media account, they gain more personal information on both the user and the user’s friends and family. That information can be used to steal identities. Nearly every social media platform supports and encourages two-factor authentication.
4. Online Retailers – If someone uses their debit card, credit card, or financial institution account information to make purchases on any online retailer’s website, the login process should be safeguarded with two-factor authentication. If a fraudster gains access to the username and password, they can run up charges, ship items wherever they want, and even copy the information to be used to make purchases or open up lines of credit elsewhere.

For maximum protection, people should use two-factor authentication everywhere that it’s an option. While no security method is entirely foolproof, two-factor authentication makes it more difficult for fraudsters to steal personal information or access accounts.

Contact your local credit union and ask them how they can help you set up two-factor authentication on your account.

Stay safe!