Keep prying eyes out of your online accounts

Man who is keeping his accounts safe by securing them with two-factor authentication.

When was the last time you bought something online? Or checked your bank balance? Or logged into any kind of online account? It probably wasn’t too long ago. Almost two thirds of Americans have an online account with health, financial or other sensitive data—and many have more than one.1

If you use a computer or mobile device to log into your accounts—which most of us do—you’ve probably encountered two-factor authentication (2FA). If you’re ever asked to enter an additional code that may be texted or emailed to you, that’s an example of the technology.

Two-factor authentication

2FA (also called multi-factor authentication) creates an extra layer of security, often with the help of your smartphone. Here’s how it usually works:

  1. When you create an account, you’ll be asked to select a username and password.
  2. Then you’ll be asked to enter your smartphone number.
  3. You’ll get a text with a unique code.
  4. Enter that code into the login screen to verify your identity, and you’re in.

You may not be asked for your text code every time you log in, but if it’s an option, it’s a good idea to provide the additional information at every log in. While some accounts may require the additional code only when you log in from an unfamiliar computer, when you change your password, or after a certain amount of time has passed, it’s typically best to use 2FA with every log in.  

While cyber thieves can hack databases or trick you into giving away your username and password, unless they have your smartphone in their possession, 2FA helps keep them locked out.

While strong passwords are necessary, they may not be enough to protect your data, says Ben Meader, team lead, security consulting and engineering for Principal®. “It is still important that you use a complex password, but password complexity alone won’t stop malicious actors from accessing your online accounts,” he says. “Adding in a second-layer of authentication such as requiring a PIN plus a dynamic token or using an application that generates a dynamic token helps ensure that only you have access to the information being protected by that account.”

Other forms of 2FA can involve unique information only you know (e.g., first name of your childhood best friend’s sister) or even the use of a thumbprint scanner as identity authentication (a process known as biometrics). Just remember, 2FA uses 2 or more authentication factors, and they must be in at least 2 categories. For example, it would require 2 of these 3 categories: something you know (a PIN), something you have (a smart card), or something you are (biometrics).

Two-factor authentication is often just an option on accounts, so it’s up to you to check your settings to set up protection. Yes, it may take a few seconds longer. But it’s generally worth it to know you’re taking steps to protect access to your information.

Always use strong passwords

Another great practice is using strong passwords—a mix of letters, numbers and special characters. Don’t reuse passwords and avoid common phrases. Here are some common passwords that are easy pickings for hackers:

  • 123456
  • password
  • qwerty (the top row of a keyboard)
  • 111111
  • zxcvbnm (the bottom row of a keyboard)
  • google

Consider a password manager

Password managers are programs that keep track of the growing number of passwords we all have. You enter 1 master password into the program, and then it will remember and autofill all the passwords you put into it. Password managers can even be used to generate and remember complex passwords for nearly any site.

As more of our private information migrates online, 2FA is one way to help take stress out of your digital life. It only takes a minute to put this effective, tough extra lock on the door to your data. If you haven’t yet, set up your Principal accounts and enable two-factor authentication.

Pew, Americans and Cyber Security. January 2017.

The subject matter in this communication is educational only and provided with the understanding that Principal® is not rendering legal, accounting, investment advice or tax advice. You should consult with appropriate counsel or other advisors on all matters pertaining to legal, tax, investment or accounting obligations and requirements.

Insurance products and plan administrative services provided through Principal Life Insurance Co., a member of the Principal Financial Group®, Des Moines, IA 50392.