Consider "TFA" to help prevent identity theft

Two Factor Authentication (aka TFA or 2FA)

If you worry about some vital online account getting hacked and your identity stolen, look into whether your provider offers TFA. The most common implementations of TFA require two things for you to successfully log in to an account:

  1. Something you know
  2. Something you have

Examples of TFA:

  • A common example is getting cash from an ATM: you need a card (something you have) and a PIN (something you know).
  • I have a bank account that won't let me log in unless I input my password (something I know) as well as a code that I can "compute" from a numeric table on a card I'm supposed to keep in my wallet (something I have).
  • Google offers TFA for its accounts, where the "something you have" is your mobile phone. See this video by Matt Cutts, who is a frequent frontman for their innovations:


The wider your online presence and the more you access that presence with similar login credentials, the more at risk you are. Here's an edifying tale of someone whose Macbook was remotely wiped and who realized in hindsight that TFA would have prevented it. His Macbook loss was painful -- it hadn't been backed up -- but the hackers' main intent was to hijack his Twitter account, which they also succeeded at.

Closing notes

Technically, a broader definition of TFA includes any two out of these three:

  1. Something you know
  2. Something you have
  3. Something that's you (like a biometric reading from your eye, or pressing your finger on a fingerprint reader)

Thus the authentication systems that validate your eye or finger may be exciting and futuristic, but by themselves don't qualify as TFA.

Also note that what many financial institutions are doing nowadays by asking a secondary question after you key in your password, perhaps the name of your favorite pet or your mother's maiden name, is decidedly not TFA, because the second question can be answered without requiring you to carry a particular physical thing.

TFA adds overhead to life, and who needs that, but I've found the overhead for TFA on a Google account to be much less than I imagined, nearly negligible, and well worth the increased peace of mind.



--- Updated 6 February 2014