Two-Factor Authentication
You're probably already familiar with Two-Factor Authentication; you just may not be familiar with the term.
You ever sign into your bank account online, Facebook account, etc. and they make you enter your password and also send you a text message with a code? That's two-factor authentication.
The idea is that you're using two different methods (factors) of verifying who you are when logging in to something. This makes it so that if your password for an online account is hacked or leaked, someone would also need access to your text messages (for example) in order to get into your account.
If the person trying to bust into your account only knows your password, no dice. If they have access to your phone and your text messages, you've got bigger problems.
But actually text messages are the worst kind of Two-Factor Authentication
"Wait what the hell? You just told me that having Instagram/Google/Whoever send me a text with a code in addition to using my password helps make it more secure? Did you lie to me?"
- You, probably
So here's the thing... If you can only use text messages as your Two-Factor Authentication for an account, do it. It is absolutely better than nothing. And you'll definitely run into online accounts (banks especially) that support text messages as the only option for Two-Factor Authentication.
The problem with text messages is something jerks out there do called SIM Swapping. This is a process where a bad guy who either works at a cell phone company, or teams up with someone who does, will try to get a new SIM card issued to them using YOUR phone number. Basically they take over your phone number using the same process that you would normally use to switch your phone number to a new cell carrier.
Then your calls and text messages stop going to your phone, and they go to the bad guy's phone instead.
This is bad for a lot of reasons, but in this context especially because they can then use those Two-Factor Authentication codes that are going to your text messages to bust into your online accounts.
"Soooo like is there another option besides text messages?"
- Also you, probably
Glad you asked. Absolutely, and it's just as easy as the text message option. For accounts that support it, you can use an Authenticator App. Google Authenticator is a popular one, but I also really like Aegis Authenticator.
These apps work by scanning a QR code provided by the online account you're setting up Two-Factor Authentication for. Then the app will automatically generate 6-digit codes for you that change every 30 or 60 seconds or whatever. After you set it up, you will sometimes be asked for whatever code is showing in that app at that moment.
Most sites or apps even have a setting to remember your device, so you only have to put the Two-Factor Authentication code in if you're logging in from a new device or a new web browser. This makes it more convenient for you, but maintains the security boost as any bad dude who's trying to log into your account from their own phone or computer will be asked for that code.
Rapid-Fire FAQ
Q: This is too hard and annoying. I hate having the extra step just to log in to something.
A: It is annoying, you're right. Security in general is annoying. Security and convenience are almost always at odds; having more of one usually means less of the other. But trust me when I say that starting to use Two-Factor Authentication is one of the easiest ways to improve your online security while only minimally impacting your annoyance.
Little effort, big gains.
Q: What happens if I don't use Two-Factor Authentication? Does it really matter?
A: Here's a situation that I've seen happen all too often...
- You don't set up Two-Factor Authentication on your Instagram/Facebook account.
- A bad dude guesses your password or finds it in a leak from another site where you used that same password.
- There is literally nothing stopping that guy from logging into your account and pretending to be you.
Maybe they post a bunch of stuff trying to get your relatives to buy scam cryptocurrency.
Maybe they message your Grandma saying that you've been arrested and you need her to send $500 in bail money to their own scammy bank account.
Maybe it's an ex-boyfriend who wants to ruin your reputation by posting a bunch of embarrassing stuff from your account.
Maybe social media isn't your thing, but this can happen to ANY online account you have set up. Email, Steam, Discord, WhatsApp, Google, you get the point.
I assure you, none of this is outlandish. This happens to people ALL. THE. TIME. Don't wait until it happens to you to start taking it seriously.