If you're reading this, you probably are annoyed at the perceived complexity of gaining access to your accounts.  You're not wrong, adding yet another step to the authentication process can be annoying, and if not implemented well, frustrating.


But it is becoming more and more ubiquitous on the web, and for good reason.



What is Two Factor Authentication?

Simply put, Two Factor Authentication, or 2FA, is adding a second method of confirming you are you, and requires (typically) something you know (i.e. your password), and something you have (i.e. a fingerprint, face scan, text message, or authentication app).  Think of it as a second password, but better and more secure.



How do I use it?

You would first need to set it up with the site or service you are trying to log into.  Once done, you'll typically log into the site using your username and password, and then you'll be prompted for your Two Factor Authentication.  If you are using text messaging, the site will send you a text message with a code that will need to be entered on the website.  If you are using a special Authenticator app, you would need to launch the app and type in the code on the screen (the code on the screen typically changes every 30 or 60 seconds).



Is it really that important?

When used properly, even if your password is compromised, a malicious actor won't be able to access your account because they are missing the second factor, the "something you have.  If you have any form of account with sensitive or confidential information, saved credit cards or other linked bank accounts, or just something you would prefer to keep private, 2FA will almost always protect you from a password leak or weak password.



How annoying is it going to be?

Well if done right, you'll only be asked for your second factor if you've manually logged out, are using a different device, asked not to save your login, or at some specified interval in which you are required to re-authenticate (typically one week).  Some services will actually remember devices that you successfully authenticated with, and not ask you again (unless you clear out your cookies).