In many cases, an online password is all that separates the average person from financial or reputational harm—passwords are the way that people log into their online lives: e-mail, banking, social media accounts, cloud storage, and so much more. And often times, in an effort to better remember passwords, users often minimize their size and complexity, use the same passwords for different online accounts, and don’t change them very frequently, if at all.

Unfortunately, cyber criminals—sometimes using the least sophisticated means necessary (i.e., password guessing, defeating security questions, social engineering, and technical devices such as keyloggers)—obtain passwords more often than you think. Which is why it’s important to add another level of protection between the cyber criminal and you.

Two-factor authentication, or TFA, adds that second level of protection. TFA is a technology that increases security by incorporating requirements beyond something you know (your password). Along with something you know, TFA can also include something you have (a dynamic token or PIN), something you are (a particular biometric), or somewhere you are (your location at the time of authentication).

And the best thing is, TFA is usually offered as a free service for most home Internet users by many e-mail service providers, social media platforms, cloud based storage solutions, and even banking and finance sites (although sometimes you might have to search a little for it or contact the company to ask if it provides two-factor authentication). Most sites that employ TFA require a strong password and supply a PIN that changes at a set interval—users can receive those PINs very easily through text messages or mobile applications.

However, using TFA does not mean you don’t have to take extra care with your password: make it unique to your life but something not easily guessed, use a different one for each online account, write it down and store in a safe place away from your computer, and change it several times a year.

Many large businesses have already recognized the benefits of deploying TFA to their workforce and in doing so have dramatically reduced the risk of credential theft and the subsequent loss of sensitive or proprietary data. Smaller and medium-sized businesses are encouraged to do the same.

