Logins that require only a password are not secure. What if someone gets your password? They can log in, and the site won’t know it’s not you.
Think nobody could guess your 15-character password of mumbo-jumbo? It’s still possible: A keylogger or visual hacker could obtain it while you’re sitting there sipping your 700-calorie latte as you use your laptop. Or, you can be tricked—via a phishing e-mail—into giving out your super strong password. The simple username/password combination is extremely vulnerable to a litany of attacks.
What a crook can’t possibly do, however, is log into one of your accounts using YOUR phone (unless he steals it, of course). And why would he need your phone? Because your account requires two-factor authentication: your password and then verification of a one-time passcode that the site sends to your phone.
Two-factor authentication also prevents someone from getting into your account from a device other than the one that you’ve set up the two-factor with.
You may already have accounts that enable two-factor authentication; just activate it and you’ve just beefed up your account security.
Apple
Dropbox
Microsoft
Additionally, check to see if any other accounts you have offer two-factor, such as your bank (though most banks still do not offer this as described above, but do provide a variation of two factor).
Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.