When Facebook revealed last week that it had stored millions of people’s account passwords in an insecure format, it underlined the importance of a security setting that many of us neglect to use: two-factor authentication.

That might sound like a mouthful, but it has become essential for our digital protection. What it stands for is basically two steps to verify that you are who you say you are, so that even if a password falls into the hands of the wrong people, they cannot pretend to be you.

Here’s how two-factor authentication has generally worked: Say, for instance, you enter your user name and password to get into your online bank account. That’s step one. The bank then sends a text message to your phone with a temporary code that must be punched in before the site lets you log in. That’s step two. In this way, you prove your identity by having access to your phone and that code.

Sounds simple and safer, right? Yet barely anyone uses it. According to Google, fewer than 10 percent of its users have signed up for two-factor authentication to protect their Google accounts for services including email, photos and calendars.