Two-Factor Authentication: A Basic Breakdown

This illustration shows a person using a multi-factor authentication code to access an account online. The secret code is sent to their phone for verification.
Getty Images

ScoreCard Research

If you’ve taken even just a single moment to consider your online security, you have likely heard of the term Two-Factor Authentication (2FA) or perhaps Multi-Factor Authentication (MFA). While these two ideas may sound complex or even intimidating, we promise you that they aren’t, and we’ll break down exactly what they mean.

Going one step further, after we discuss what exactly Two-Factor Authentication is and why it’s essential, we’ll highlight how to enable it for some of your online accounts. Especially when it comes to online banking, Two-Factor Authentication can be a life-saver that helps increase account security, and protect your finances.

What Is Two-Factor Authentication (and Why Is It Important)?

Let’s break down the term ‘Two-Factor Authentication.’ For starters, you already know what authentication is, and you’ve likely used a password to log into your online accounts. When we authenticate something, we provide information that helps prove that we should have legitimate  access to something, such as an online bank account.

Types of Authentication

There are four types of authentication in practice, and we call these authentication factors. The authentication factors that we may use are as follows:

  • Something you have, such as a physical object that you possess. The most common example of this would be a key that you might use to unlock the front door of your home. Another example is a debit or credit card that has unique numbers—it is a physical object.
  • Something you know, such as a password, security key, or PIN. This is what we are most familiar with regarding online authentication. You may want to log into your bank account, so you will be required to enter a password—it is something within your brain.
  • Something you are, such as a fingerprint or facial scan. We are most familiar with this form of authentication when unlocking a mobile phone. If you have an iPhone or Android device, you have likely used your fingerprint to open it—it is something that is part of you.
  • Somewhere you are, such as within a specific WiFi network or GPS location. Businesses may use these methods to help authenticate you. If you are using your laptop on an internal business WiFi network, this may be used to establish your actions—it is a location.

We are pretty familiar with the idea of ‘something you know’ as we use passwords all the time to access our accounts, but passwords can have their faults. We recommend looking at our guide on creating strong passwords to beef up your security.

Two-Factor Authentication

Quite simply, Two-Factor Authentication requires two forms of user authentication rather than a single form to allow you to access a digital system. By requiring two forms of authentication, account providers create more secure systems that aren’t easy to breach.

For example, you may be required to enter a password (something you know) and provide a fingerprint scan (something you are). This is a form of Two-Factor Authentication, and we’ll dive into exactly how it works in the next section.

How Does Two-Factor Authentication Work?

Online services and applications that utilize Two-Factor Authentication tend to have you use a password (something you know) and your smartphone (something you have).

But, you may ask, how is my smartphone utilized as a second form of authentication?

Generally, one of two things will happen, either a security key will be texted to your device, or an app on your smartphone will generate a unique code that you will be prompted to enter. Either way, physical access to your smartphone is needed to access your account.

A Two-Factor Authentication Example

Let’s look at how this two-factor authentication process works in practice. Here is a scenario in which we are logging into ‘Big Money Bank’, and our account is set up with Two-Factor Authentication security to keep out the baddies.

  1. We visit the website for Big Money Bank to access our account.
  2. We enter our username and password (something we know) as usual.
  3. Upon hitting enter, as long as our information is correct, Big Money Bank then texts a secret code to our smartphone.
  4. We enter the secret code texted to our smartphone (something we have) on the website.
  5. After entering the correct code, we are now logged into our account and we can access our information.

Improved Security With Two-Factor Authentication

If you followed our above example, you may have noticed something about the Two-Factor Authentication process. Even if a hacker was to figure out our password, they would be unable to log into our bank account because they don’t have access to our smartphone—this is the magical security of Two-Factor Authentication.

We highly recommend that you enable Two-Factor Authentication for any of your online accounts that may support the feature. Some systems will text you an access code, email you an access code, or require you to use a mobile app that generates the security key. Either way, you are making it more difficult for malicious users to access your accounts.

A woman uses a two-factor authentication to access her online banking.
Getty Images

Two-Factor Authentication for Online Banking

Utilizing Two-Factor Authentication is something that you should consider for all of your online accounts and important applications. However, protecting your financial information should be at the top of your priority list due to its intrinsically delicate nature.

Most banks automatically enable Two-Factor Authentication, but some do not, so it is always best to manually check. Additionally, you may be able to enable more robust versions of Two-Factor Authentication to keep your account even more secure.

To make things easier, we’ve briefly outlined how to enable Two-Factor Authentication with some of the most popular banks that offer the additional security feature. Simply follow the steps below to enable Two-Factor Authentication for your bank.

Bank of America Two-Factor Authentication

  1. Visit the Bank of America website and log in to your account.
  2. In the top left corner of your screen, select Profile & Settings.
  3. Under the Security heading, select Manage SafePass.
  4. Next, click Add SafePass.
  5. Check the box next to Add a Mobile Device and click Continue.
  6. Follow the prompts to verify your mobile device.
  7. Once completed, Two-Factor Authentication is set up for your account.

Chase Two-Factor Authentication

  1. Visit the Chase website and log in to your account.
  2. At the top of the screen, click on the Security & Privacy heading.
  3. Under the Resources heading, there is a box entitled Ways You Can Be More Secure; within this box, select Add Extra Security When You Sign in Using a Browser.
  4. Toggle the Extra Security at Sign-In option to On.
  5. Once completed, Two-Factor Authentication is set up for your account.

Capital One Two-Factor Authentication

  1. Capital One requires you to enable Two-Factor Authentication from within the bank’s mobile app for Android or iOS, so start by ensuring it is downloaded on your device.
  2. Next, open and log in to the Capital One app using your account information.
  3. In the bottom right corner, tap the Profile icon.
  4. Under the Additional Security heading, tap on Verification Method.
  5. Toggle the Mobile App Verification option to On.
  6. Once completed, Two-Factor Authentication is set up for your account.

SoFi Two-Factor Authentication

  1. Visit the SoFi website and log in to your account.
  2. Next, select the My Preferences option.
  3. Check the box next to Opt in to Two-Factor Authentication.
  4. Follow the prompts to verify your mobile phone.
  5. Once completed, Two-Factor Authentication is set up for your account.

What About Other Banks?

Some banks take automatic control of Two-Factor Authentication, enabling it for you without requiring a request. Furthermore, some banks may not allow you to disable Two-Factor Authentication as it is necessary to protect your account integrity.

For more information and assistance with Two-Factor Authentication, we recommend contacting your bank or institution using the phone number on the back of your credit or debit card. You can also visit your bank’s website and help section for more information.

Two-Factor Authentication for Other Accounts

While we recommend prioritizing getting Two-Factor Authentication set up for your financial accounts, you’ll ideally want to set it up on any website that offers the extra security.

To get you started, we want to provide you with instructions on setting up Two-Factor Authentication for Apple and Google accounts. With our Android and iOS smartphones and tablets revolving around these two platforms, it is essential to keep them secure.

Apple Two-Factor Authentication

  1. The easiest way to set up Two-Factor Authentication for your Apple account is by using an iPhone or iPad.
  2. Begin by opening the Settings app on your device.
  3. Next, tap your name at the top of the screen, then Password & Security.
  4. Tap Turn On Two-Factor Authentication, then tap Continue. If your device already says Two-Factor Authentication On, then you are already set up.
  5. Enter your smartphone’s phone number, then tap Next.
  6. Verify the code sent to your smartphone to complete the process.
  7. Once completed, Two-Factor Authentication is set up for your account.

Google Two-Factor Authentication

  1. Visit the Google website.
  2. Click on your user icon or profile photo in the upper right corner.
  3. Select Manage Your Google Account from the drop-down menu.
  4. On the right, choose Security.
  5. Scroll down under the Signing in to Google heading and click on 2-Step Verification. If it already says On, then you are already set up.
  6. Verify your password if prompted.
  7. Click the Get Started button and follow the on-screen prompts.
  8. Once completed, Two-Factor Authentication is set up for your account.

Frequently Asked Questions (FAQs)

Should I use Two-Factor Authentication?

Yes, we highly recommend using Two-Factor Authentication for your accounts. The Two-Factor Authentication process dramatically increases the security of your account by requiring more information than a standard password, such as verification codes.

With the feature enabled, it is more difficult for malicious users to gain access to your online accounts thanks to the improved authentication methods employed.

How do I know if I have Two-Factor Authentication?

If you have Two-Factor Authentication enabled for your online accounts, you will be prompted to enter a unique verification code upon login after your password. This code is generally sent via text message, email, or generated by a third-party authenticator app, such as Authy, on your smartphone or computer.

If you are unsure whether the security feature is set up for your account, it is best to contact the company your account is with and enquire about Two-Factor Authentication.

What is the difference between a password and Two-Factor Authentication?

A password is one form of authentication. Two-Factor Authentication takes it one step further, requiring you to provide both a password and one other bit of information, such as a verification code texted to your smartphone. Two-Factor Authentication helps to increase overall account security.

How do I turn off Two-Factor Authentication?

We highly recommend against turning off Two-Factor Authentication (seriously, don’t do it); it is a critical security feature that adds security to your accounts. If you need to turn off the feature, you’ll want to reach out to the company your account is with and inquire about the process.

Michael Archambault is a senior writer with The Penny Hoarder specializing in technology.