Two-factor authentication adds an additional layer of protection to your online accounts. Instead of relying on just your username and password, two-factor authentication uses two of the following:

- Something you have (smart card or other type of physical device used to authenticate)

- Something you know (a password)

- Something you are (fingerprint or another biometric authentication method)

By combining your usual username and password with one of the above, you force attackers looking to gain access to your account to also have this second factor of authentication. This drastically increases the complexity of compromising an account and is the most favourable method to prevent account theft.

You’ll typically see two-factor authentication methods including:

- SMS Verification – a code is sent to your phone, linked to your account, and you must correctly enter this along with your credentials

- Application generated codes – usually with Google Authenticator, Microsoft Authenticator or similar

- Physical authentication keys – these look like a USB but are actually designed to store and output a long pattern that the server recognises.

While there have been cases of two-factor authentication bypass previously, these cases are usually investigated and resolved, and are difficult to perform regularly on a wide scale.

In any case, the premise of this security measure goes both ways. If two-factor authentication can be bypassed, an attacker still needs to know your credentials.

Similarly, if an attacker knows your credentials, they need to bypass the two-factor authentication on your account. A win-win!
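To make the "application generated codes" method and the both-factors premise concrete, here is an added example (not part of the original page) of a server-side login check that only succeeds when the password and a time-based one-time code (TOTP, RFC 6238) are both correct. The `Account` class, its field names and the PBKDF2 parameters are assumptions chosen for illustration, and the secret is the public RFC test value, not a real one.

```python
import hashlib, hmac, os, struct, time

def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1, the scheme authenticator apps implement."""
    counter = struct.pack(">Q", int(at) // step)          # 8-byte time-step counter
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                               # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so a stolen database does not reveal the first factor.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

class Account:  # hypothetical server-side record, for illustration only
    def __init__(self, password: str, totp_secret: bytes):
        self.salt = os.urandom(16)
        self.pw_hash = hash_password(password, self.salt)
        self.totp_secret = totp_secret
        self.last_step = -1        # last accepted time step, blocks code replay

    def login(self, password: str, code: str, now=None) -> bool:
        now = time.time() if now is None else now
        # Factor 1: something you know. Constant-time comparison.
        pw_ok = hmac.compare_digest(hash_password(password, self.salt), self.pw_hash)
        # Factor 2: something you have. Accept one step of clock drift each way.
        code_step = None
        for drift in (-1, 0, 1):
            step = int(now) // 30 + drift
            expected = totp(self.totp_secret, step * 30)
            if hmac.compare_digest(expected.encode(), code.encode()):
                code_step = step
        code_ok = code_step is not None and code_step > self.last_step
        if pw_ok and code_ok:
            self.last_step = code_step   # each code is usable once
            return True
        return False                     # same answer whichever factor failed

RFC_SECRET = b"12345678901234567890"     # public test secret from RFC 6238

if __name__ == "__main__":
    acct = Account("correct horse", RFC_SECRET)
    code = totp(RFC_SECRET, 59)
    print("password only :", acct.login("correct horse", "000000", now=59))
    print("code only     :", acct.login("guess", code, now=59))
    print("both factors  :", acct.login("correct horse", code, now=59))
    print("replayed code :", acct.login("correct horse", code, now=59))
```

Returning the same result for either failure avoids telling an attacker which factor they already have right.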