- How to keep your online accounts secure
- Why creating a strong password really matters
- Yes, you need a password manager. Here’s why.
- How adding your phone number and 2-factor authentication helps protect your account
- How can I review the security of my account?
Ever had to use a code that was texted to your phone to log into a website? Then you’ve used two-factor authentication. Learn more about why it’s so important, and how it creates an extra layer of security to protect your accounts and your information. To learn more about how you can keep yourself safe while on the Internet, visit: internet-safety.khanacademy.org. Created by Sal Khan.
Want to join the conversation?
- Don't y'all think that giving your phone number to some website, you would either think its very safe with the 2 factor authentication or that their trying to steal your phone number?(7 votes)
- Good question! I think that a website having JUST your phone number isn’t as problematic compared to having your credit card number, address, etc.
The worst a hacker/scammer could do with your number would be to try and pretend to be large companies (for example, your bank account saying you owe a certain amount of money) but as long as you’re aware of those kind of scams, it isn’t particularly risky.(8 votes)
- Can you use an email? For verification...(7 votes)
- It depends on the platform. Google, Apple, and other large companies do support this. It is still safer to use a 2FA/MFA app or security key.(4 votes)
- use an otp, like google authenticator or something, then you don't even have to give your phone number(2 votes)
- What should I do if I don't own a phone and therefore don't have my own phone number?(2 votes)
- All right, Guemmy, so sometimes sites ask for, like, a phone number for security purposes, and I'm always actually afraid to give my phone number. One, I just don't want random people calling me all the time. But how do you think about that? When is it valuable or maybe not so valuable? - Yeah, it's actually super important that when a site asks you for a security phone number that you provide it. I think most people would agree that they wouldn't hesitate to give their credit card company their phone number, because in the case of fraud, you do want them to contact you and to verify those charges so that, you know, you're not responsible for them, et cetera. In the same way, providing your phone number to these online companies gives a way for the companies to contact you in case that there's issues. In addition to that, the phone number itself is actually a security mechanism. So, for example, a lot of us on banking services, we've tried to log in and then the banking service would send us an SMS code sent to your mobile phone number, and then you're able to enter that, before you're even able to log in. And what that does is it actually prevents that fraud from even happening. And so instead of just the bank calls you because there's fraud, it's like, hey, let's prevent the fraud in the first place. - I have to say, that last point is very important. Like people think this is all theoretical. I, on not every day, that would really freak me out, but you know, several times in the past year, I get a little code like, you know, so and so was trying to log in to your account and there's a code. I'm like, "Oh, no!" Somehow, maybe someone broke in, or they're creating a new, I don't know what's going on, but the fact that I take comfort that they didn't get the code, that I got the code and they wouldn't be able to log in. And that kind of goes into, you know, is that what we're talking about when we're talking about two-factor authentication? That you have to have, you know, kind of two devices that, you know, say a hacker in a foreign country or a bad actor might not have access to? - Yes, absolutely. You're right that because that code was only sent to your phone number, it was not sent to that attacker. And so they cannot get in. They're stopped at that point. And also, if people don't like phone numbers, there's lots of different ways that you can do two-factor authentication. We can send prompts to your device. There's these things called security keys, some people might have heard of. There's a big variety.