Most People Aren’t Using Two-Factor Authentication (Here’s Why You Should)

3 Min Read Published: Aug 9th, 2018

Updated: Nov 18th, 2021

Text Size

- +

Toggle Dark Mode

There’s one simple measure that can keep you, your accounts, and your data a lot safer online. But you might not be taking advantage of it.

That security measure is two-factor authentication (2FA). 2FA can take many forms. The most common is a code sent to you via text message from the website you’re trying to log into. It’s an extra layer of security that would block a hacker, who doesn’t have access to your phone, permission to log in to your personal account.

And while you might even be using two-factor authentication for your own accounts, data shows that it has a long way to go from widespread adoption.

According to a November 2017 Duo Security study, less than one-third of Americans currently had 2FA enabled. More than half of them had never heard of it.

A recent study conducted by researchers from Indiana University sought to figure out why 2FA isn’t more popular among tech-savvy internet users. The researchers revealed the results at the Black Hat security conference on Thursday, as reported by CNET.

They intentionally found 500 students on campus who had more “security and computer expertise than the average person.” But while those participants knew about technology, they reportedly didn’t understand why they needed to enable 2FA.

“There was a tremendous sense of confidence,” said L. Jean Camp, an IU professor and one of the study’s leads. “We got a lot of, ‘My password is great. My password is plenty long enough.’”

But passwords are, obviously, not enough to keep users safe. That’s especially true in our era of major data breaches in which our personal information — passwords and login details included — can be stolen and distributed in sketchy parts of the web.

As CNET points out, even certain forms of 2FA aren’t as secure we’d hope them to be. On Aug. 1, hackers breached Reddit by intercepting SMS-based two-factor authentication texts, for example.

There are much more secure options, such as a 2FA security key. Basically, it’s a physical USB device that you plug into your computer to authenticate. Unless someone has physical access to this key, they aren’t getting into your account.

But certainly, using any kind of 2FA authentication is a lot better than just relying on your password — no matter how strong or long it may be.

Sure, it’s an extra step and it may take a few extra seconds to log in to an account. That may be an eternity in our digital era, but for those who are concerned about their online security and privacy, it’s worth the extra hassle.

“There is an additional step in usability, which is motivation,” Camp told CNET. “You can enjoy driving the car, but you’re not going to enjoy putting on your seat belt. You have to communicate, ‘If I’m taking this hassle, it’s for my own good.”

For the record, Apple’s 2FA system does not rely on SMS text messages. So you should definitely enable it.

Two-factor authentication is widely available, easy to use, and goes a long way toward securing your accounts (even if SMS-based systems aren’t perfect). In other words, there’s no reason you shouldn’t be using some form of it.