Publications & Media

What is two-factor authentication (2FA) and how does it work?

As cyber-crime continues to grow around the world, one thing we can all do to improve our own security is to deploy two-factor authentication (2FA) wherever possible.

For most people, logging into accounts online means providing some form of authentication or credential, typically a username and password. Adding two-factor authentication to this process is an effective method to add extra security to an account, in the quest to protect your online Digital Identity.

So why is 2FA so important?

One problem with relying on usernames and passwords is keeping your credentials safe. Unless every one of your username/password combinations is unique, if a web service is compromised or hacked, your credentials may be stolen and then used to access other sites. Multiple use of credentials leaves yourself vulnerable to Digital ID theft. Cybercriminals are becoming more sophisticated in the ways they steal your credentials and passwords, with common tactics including:

  • Phishing scams
  • Compromising a business or web service holding your account credentials
  • Internet of Things (IoT) breaches

Being mindful of the threats to your digital identity is the first step in protecting yourself from cybercrime. You can read more about how to protect your Digital Identity in a recent post by NEC New Zealand.

How does two-factor authentication work?

Following a number of high-profile security breaches, many internet services are now offering 2FA as a standard way of increasing your security when logging onto services and applications.

As PCMag’s lead security analyst, Neil J. Rubenking puts it, “there are three generally recognised factors for authentication: something you know (such as a password), something you have (such as a hardware token or cell phone), and something you are (such as your fingerprint). Two-factor means the system is using two of these options.”

The introduction of biometrics scanners such as fingerprint, facial recognition and iris recognition has made 2FA much simpler, especially on mobile devices. Using a combination of a physical attribute and a password or passphrase has become a far more secure way of logging onto apps and other programmes via your phone or tablet. In fact, using your phone as a 2nd factor is also increasingly used to authenticate when using other access methods such as a desktop browser.

Sometimes a simple numeric code is sent to your mobile device which then has to be entered into the web service. But this simple 2nd factor is still a secure way of adding a second step to the verification process of logging onto an application or internet web service.

These codes can be sent as a simple text message or using a specialised smartphone app called an ‘authenticator’. Microsoft and Google have pioneered authenticators for some time now but there are other providers on the market from other organisations such as Authy and LastPass.

Password Management

One issue we touched on earlier in this article is that a lot of people still use the same password to log onto multiple apps and services. This creates a potential issue if that password is ever compromised as you are essentially providing a cybercriminal with access to all your accounts. At that point, your digital identity has effectively been stolen.

One way to combat this is to use a password management tool. These tools often come as free or paid versions (we would always recommend upgrading to the paid version wherever possible) and can act as a gateway to all your online accounts. Through a master password, you can quickly and easily login to all your apps and online services using the management tool which stores your login credentials in a secure vault.

Password management tools offer a number of benefits:

  • Easily store all your login information in one safe and secure vault
  • No need to remember multiple passwords for multiple accounts
  • Management tools can generate complex passphrases for each of your online accounts
  • Most password management tools offer two-factor authentication as standard
  • Store more than just passwords – most password management tools will allow you to store other valuable information such as credit card details
  • Manage shared accounts – if you are a business that uses shared accounts for online services, it’s a great way of sharing login details across your team using a shared vault

The fact that many password management tools offer two-factor authentication as standard is a great reason to invest as you will immediately improve the security of all your accounts. Some of the most popular password management tools include OnePassword, LastPass and Dashlane.

Services that currently use two-factor authentication

If you are reluctant to switch over to a password management tool, you can still activate 2FA on a number of popular online services and applications. Most of the major online players allow an option to activate 2FA in their security settings. Below is a list of some of the most popular apps and services to provide two-factor authentication:

  • Amazon
  • Apple
  • Google
  • Dropbox
  • Facebook
  • Instagram
  • LinkedIn
  • Microsoft
  • PayPal
  • Reddit
  • Slack
  • Snapchat
  • Twitter
  • Evernote
  • WhatsApp
  • Yahoo!
  • LastPass
  • OnePassword
  • Dashlane

To find out how to set up two-factor authentication on the above platforms, head over to this great post from PC Mag with detailed instructions and screenshots.

While not covered above, most banks here in New Zealand also offer two-factor authentication as standard, whether logging in online via a browser or via an app.


Two-factor authentication is not bullet-proof but it does add an extra layer of security and helps to protect your digital identity. We would always recommend the use of strong passphrases and robust security settings across all your devices, including anti-virus security and firewalls.

We have published an extensive list of posts about protecting your identity online and providing cyber security advice and you may find some of these articles helpful:

Cyber Security Articles from NEC 


Contact our experts today


Contact Us

  • This field is for validation purposes and should be left unchanged.
  • This field is for validation purposes and should be left unchanged.