Why you should be using two-factor authentication for passwords

Hands and a smartphone (illustration)

Simply having a strong password is no longer enough to keep your online accounts secure. That is why the world’s largest companies are all encouraging their users to use a system called two-factor authentication that makes it slightly more complicated to sign into your accounts but also far more difficult for hackers to break in.

Google will begin switching on two-factor authentication by default for all users, forcing them to make their accounts more secure.

How does two-factor authentication work?

Two-factor authentication adds a second way to prove the identity of a user trying to log into an account. Your password is the first method, and the second involves using a smartphone to make sure it really is you.

When you log into an online account using your email address and password, you’ll then be asked to enter a two-factor authentication code sent to your phone number.

Typically, this code will be sent using a text message. Enter the short code into your web browser to prove that it’s you.
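The server side of the flow described above, as an added example that is not part of the original article: a short code is issued after the password check and then compared with what the user types. The class name, the six-digit length, the five-minute lifetime and the five-attempt limit are assumptions made for illustration, and the SMS delivery itself is left out.

```python
import hashlib
import hmac
import secrets
import time

CODE_DIGITS = 6          # assumed length of the short code
CODE_TTL_SECONDS = 300   # assumed lifetime of a code
MAX_ATTEMPTS = 5         # assumed number of guesses allowed per code


class SmsCodeVerifier:
    """Hypothetical helper: issues a one-time code and checks the user's entry."""

    def __init__(self, clock=time.time):
        self._clock = clock   # injectable so expiry can be tested
        self._pending = {}    # user id -> [digest, salt, expiry, attempts left]

    def issue(self, user_id):
        """Call only after the password was accepted. The returned code is
        what an SMS gateway would deliver to the user's phone."""
        # secrets draws from the OS CSPRNG, so codes are not predictable.
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        salt = secrets.token_bytes(16)
        # Keep a salted digest rather than the plain code in the store.
        digest = hashlib.sha256(salt + code.encode()).digest()
        expiry = self._clock() + CODE_TTL_SECONDS
        # Issuing a new code replaces any older one for the same user.
        self._pending[user_id] = [digest, salt, expiry, MAX_ATTEMPTS]
        return code

    def verify(self, user_id, submitted):
        """Return True only for the right code, in time, within the limit."""
        entry = self._pending.get(user_id)
        if entry is None:
            return False
        digest, salt, expiry, attempts_left = entry
        if self._clock() > expiry or attempts_left <= 0:
            del self._pending[user_id]   # expired or guess limit used up
            return False
        entry[3] -= 1                    # every attempt counts, right or wrong
        candidate = hashlib.sha256(salt + submitted.encode()).digest()
        # Constant-time comparison avoids leaking how much of the digest matched.
        if hmac.compare_digest(candidate, digest):
            del self._pending[user_id]   # single use: a code cannot be replayed
            return True
        return False
```

The attempt limit matters because a six-digit code has only a million possible values, so unlimited guessing would defeat it.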

Why is it more secure?

The system is favoured by security experts because anyone trying to hack your account needs access to your phone number as well as your password.

Passwords often get hacked and leaked online, and weak passwords can be easily guessed. But unless your phone has been stolen, determined hackers will be unable to get past two-factor authentication systems.

Which websites use two-factor authentication?

Almost every major website you can create an account on will offer two-factor authentication. Google does, for example, and Facebook does through a section of its smartphone app. LinkedIn lets you add a phone number, as does Twitter.

Many websites will not prompt you to turn on the feature unless you explore their settings pages. Look for the section on “Security” in the settings menu and see if two-factor authentication is listed.

Is it unhackable?

It’s important to make it clear that turning on two-factor authentication does not mean that your accounts can never be hacked. You should still pay attention to suspicious emails and other alerts and remain vigilant.

A particularly determined hacker could spoof your phone number, meaning they gain access to messages sent to it. If they have managed to steal your password, they could then use your spoofed phone number to bypass two-factor authentication.

How can I receive authentication codes?

The most common way to receive login codes is via SMS messages sent to your smartphone. But if you really want to stay secure online, consider switching your two-factor authentication for key accounts to authenticator apps such as Authy or Okta.

Using these apps means your codes are sent securely to apps on your smartphone - not via text messages that could be intercepted.

Various types of YubiKey devices made by Yubico - Yubico

And if you’re really concerned about hackers gaining access to your accounts, consider investing in a physical authentication device like a YubiKey. These keyring-sized devices are extra secure and rely on you pressing a button to confirm it’s really you signing into a site.
