What is 2FA and why should you use it.

Ivar Jaanus

23 Aug 2016 -

5 min read

Ivar Jaanus

23 Aug 2016


2 min read

Past years have raised quite a few alarms for a lot of people and making them question the level of security of their online data. Just recently over 100 million LinkedIn usernames and passwords stolen in 2012 appeared online and one of the largest online dating sites AshleyMadison.com suffered a large scale breach with 25GB of critical data including user information was stolen. These are just two out of too many hacks that clearly demonstrate how easy it is to take control of your personal data.

This is where 2FA, or Two-Factor Authentication, mitigates the threat and although not 100% safe, it adds another solid  layer of security to your online data and makes it so much more difficult for the villains to hijack your email account or steal your private information online.

So what exactly is Two-Factor Authentication (2FA)?

Two-Factor Authentication is a method of authentication that uses two different layers of security to identify you online. When you type in your username and password you are using the first layer of authentication, the second layer is independent of the first one and is used to vastly decrease the risk of your account falling into the wrong hands.

One of the most used methods of 2FA is using an SMS PIN code delivered to your mobile phone. There are of course other methods like a personal key fob, a USB key or a fingerprint.

Telegram messaging app authentication code

Let’s take a closer look how PIN authentication actually works and why you should start using it ASAP.

Around 65% of people use a single password for multiple sites so if your log-in credentials get stolen from one site you are leaving the doors wide open for all your other accounts. It`s like opening your home and your office door when someone breaks into your car. Adding a second layer of security diminishes the possibility of using the stolen credentials to access your accounts.

SMS PIN authentication requires the bad guy to not only find a way to steal your username and password, but he also needs to steal your phone - not very likely that someone could get their hands on the phones of the 100 million LinkedIn users that were affected by data theft in 2012.

Yes, there are ways to intercept the PIN delivery or use a Trojan horse to interfere the communication between you and the website, but the cases of that happening are so much rarer.

When you log on to a website you are asked for a username and a password, once you successfully fill those fields the site automatically tells the SMS authentication service provider to verify the user by sending a PIN code to the number previously defined by the user. The PIN entry is then checked independently from the website you are trying to access and if the entered PIN matches the one sent via an SMS the website gets a green light to allow access to that specific user.

Messente phone number verification widget

So as we put more and more personal data online every day we can’t just rely on the good old password to protect our account. Stats show that 123456 is unfortunately still the most used password and most certainly the worst. Do yourself a favor and activate 2FA on sites that are already using it and if you have a business that is keeping any user data about your clients, please be responsible and keep them safe with 2FA.

What's SMS service quality?

Ivar Jaanus

Head of marketing

Ivar is the Marketing Manager in Messente with years of online and offline marketing experience from various industries. Most of his free time he spends on water kitesurfing.

We're here to help you connect with your customers. Let's start talking.

Email again:

Further reading

Have you met 1oT? Mobile data connectivity for IoT companies.

24 Apr 2018

Last week, Lauri wrote a good piece about keeping things real, because businesses have simple business models...

Yuriy Mikitchenko

2 min read

A note on keeping things real

17 Apr 2018

Over the years, I've had the good fortune of talking to and doing business with many entrepreneurs and...

Lauri Kinkar

2 min read

Next-generation Omnichannel API is well underway

10 Apr 2018

Over the last few months we’ve been setting the direction of our Omnichannel messaging API and our development...

Uku Loskit

2 min read

You're protected from the pitfalls of grey routes

03 Apr 2018

“Grey routes” is a loosely used term in the telecommunications industry. Frankly, the industry-specific meaning of grey routes...

Joosep Pintsaar

2 min read