We’ve known for a long time that relying on just a password is a risky way to secure our things online. Whether it’s our data, our money, our photos or our identity we need to do more.

A password or PIN number is one factor of identification. It’s something you personally know. The problem with this is that we can forget, share or otherwise lose control of it. However it happens, once someone has your password they can gain access to your accounts or even impersonate you. A password is something someone knows and therefore it can be shared. Astonishingly, people sometimes do this knowingly and willingly, particularly in business settings when colleagues need to access a little-used system or application.

Beyond this type of intentional sharing, passwords can also be tricked out of people through phishing. Phishing attacks are becoming increasingly sophisticated and therefore difficult to spot. An email may appear to be from a legitimate service provider, such as a bank, yet when the unwitting customer clicks on a link they could be taken to a fake site. If they enter their information at this point, the cybercriminal is able to use the phished credentials on the actual service provider’s site to gain access to the user’s account.

Even more sophisticated, and another danger to password-only protection, are man-in-the-middle (MiTM) attacks. These come about when a cyberattacker is in the middle of communications between a service user and provider, both of whom believe they are communicating with each other.

In the UK, we have long had 2FA in banking with almost all banks providing access via a mobile phone (usually with text messages or sometimes an app) or a hardware device that provides an ever-changing pass number. These protections are now available for all manner of other sites such as Twitter, Whatsapp and Facebook

Using 2FA we can give ourselves greatly increased security just for the time cost of an extra code to type in occasionally. It’s really worthwhile.




How to enable 2FA on Whatsapp

Press ‘account’

Press ‘Two-step verification’



Set up 2FA in Facebook

Click in the top right to bring up the above menu then select ‘settings and privacy’

Select ‘security and login’

Select ‘Use two-factor authentication’


Or, on a smart phone:

‘Settings & Privacy’

‘Password and Security’

Press ‘turn on’