Use Two-Factor Authentication to Protect Your Accounts

There probably isn’t a day that goes by without you logging in to at least one account — maybe you check your email, post to your social media, pay bills, send money to your friends and family or buy something online.

Your accounts can store a lot of personal and financial information. That’s why you protect them with a password. Unfortunately, passwords are vulnerable to cyber-attacks. But there’s a simple way to make your accounts more secure: turn on two-factor authentication.

Why a password alone isn’t enough

Like most people, you probably use a strong password to protect your accounts. But hackers use different tactics to steal or guess your passwords.

• Hackers use phishing attacks to trick you into giving up your login credentials.
• Scammers buy credentials stolen in data breaches, using your username and your password to log in to the account where the breach happened. (That’s why it’s important to change your password right away if you find out that your information may have been exposed in a breach.)
• Hackers might also try to use the username and password to log in to another one of your accounts. This works only if you use the same username and password in more than one place — and is a reason to never reuse the same username and password.
• If hackers only have your username, they can use software to guess your password. If the site doesn’t have safeguards to detect this type of attack, the hacker’s software may be able to try many different passwords.

Protecting your accounts

To prevent unauthorized access to your accounts, sites usually require you to sign in with a username and password. This process verifies who you are and is known as authentication. The credential you give to log in — your password, in this example — is a type of authentication factor. Authentication factors fall into three categories:

• Something you know, like a password, a PIN, or the answer to a security question.
• Something you have, like a one-time verification passcode you get by text, email, or from an authenticator app; or a security key.
• Something you are, like your fingerprint, your face, or your retina.

Accounts with two-factor authentication require you to enter a credential from two of the three categories to log in.

The most common methods of authentication

More and more sites and apps are offering two-factor authentication. Some let you choose which authentication method to use. Others only give you one option. These are some of the most common authentication methods out there.

1. One-time passcode via text message or email
   With this type of authentication, you get a verification passcode by text message or email. It’s typically six digits long but can be longer. It’s only good for one log in and expires automatically.
2. An authenticator app
   Some accounts let you use an authenticator app on your phone or tablet to verify it’s you trying to log in. Authenticator apps typically generate a verification passcode, like one you might get by text message or email.
3. A security key
   Security keys are physical devices that you use as your second authentication factor. They come in different shapes and sizes. Security keys use encryption to confirm that the key is associated with your account.

Turning on two-factor authentication

More and more sites and apps are offering two-factor authentication, but it’s not usually on by default. To turn it on, go to your account settings, look for two-factor authentication, two-step verification, or multi-factor authentication, and follow the steps. Start with your most sensitive accounts, like your bank, credit cards, email, social media, tax filing website, and payment apps. Then add it to other accounts, like sites you shop on.

Two-factor authentication can add an extra layer of security that protects you from hackers. Spending a few minutes to turn it on now can save you the hassle, and countless hours, it will take to recover a hacked account or deal with identity theft. If you suspect that you are the victim of a fraud, please contact Bank of New Hampshire immediately at 1.800.832.0912. We are here to help.