Why I use 2-factor authentication for email — and you should, too
Email is one of the most common targets for hackers into individuals’ and businesses’ computer systems. Some small business owners use personal email to conduct business, and even larger businesses sometimes mingle personal and business email.
One easy step that I use to protect my personal email is called two-factor authentication or out-of-band authentication. Whenever my friends or business acquaintances ask about email security, I always recommend they use two-factor authentication. It is not failsafe, but it is an easy and effective means to help protect your email accounts against hackers.
Here is how two-factor authentication works:
1) After you enter your email password on a new device, a verification code will be sent to your mobile phone via text, voice mail, or through a mobile app. You will have to enter that code to gain access to your email.
2) Once you sign in on a device you can indicate if you want the authentication system to remember that device for a period of time. For example, you may not want to deal with the verification code every time you log into your email on your home computer or other personal device.
3) Some applications do not support the use of two-factor authentication (such as your iPad or Mail applications), so you will want to set up application-specific passwords. These are generated by your email provider and can only be used for one application. If you lose a device or are infected with malware, you can revoke the password.
4) No one will be able to gain access to your email from a device that has not been authenticated through the two-factor authentication or with an application password. If anyone, including you, tries to sign into your email from a device that has not been authenticated, that person will be asked for a verification code, which will be sent to your phone.
You can set up two-factor authentication in the settings area of your email account. For example, here is more information on how 2-step verification can protect for your Google account.
Two-factor authentication is a powerful tool to protect you against cybercriminals. If you have enabled two-factor authentication, a criminal who knows your email password cannot use that password on a device that has not been authenticated by you.
If your email is compromised you are more vulnerable to identity theft and financial fraud. It is not uncommon for hackers to take over a victim’s email and then request money from the victim’s friends or request wire transfers from the victim’s business.
Also, because email is frequently used to reset passwords for websites and online accounts, it is doubly important to protect your email account from hackers.