Two-Factor Authentication

Passwords alone aren't enough anymore, and that's where two-factor authentication, often shortened to 2FA, comes in. The idea is simple: to log in, you need two things instead of one. The first is something you know (your password), and the second is something you have (usually your phone). After you type your password, the site sends a short code by text message, email, or an app, and you type that code in to finish logging in. Without the code, a thief with your password is stuck at the door.

This matters because passwords get stolen all the time, through data breaches, phishing emails, or simply by being guessed. With 2FA turned on, a stolen password is mostly useless on its own, because the criminal would also need physical access to your phone. Security experts estimate it blocks the vast majority of automated account takeovers. The most important places to enable it are your email (since email is how you reset every other password), your bank, and any social media or shopping account tied to a credit card. It takes about thirty seconds per account to set up, usually in the "Security" section of the settings, and it's one of the highest-payoff things you can do to protect yourself online.