If you're seeing this message, it means we're having trouble loading external resources on our website.

If you're behind a web filter, please make sure that the domains *.kastatic.org and *.kasandbox.org are unblocked.

Main content

How adding your phone number and 2-factor authentication helps protect your account

Ever had to use a code that was texted to your phone to log into a website? Then you’ve used two-factor authentication. Learn more about why it’s so important, and how it creates an extra layer of security to protect your accounts and your information. To learn more about how you can keep yourself safe while on the Internet, visit: internet-safety.khanacademy.org. Created by Sal Khan.

Want to join the conversation?

Video transcript

- All right, Guemmy, so sometimes sites ask for, like, a phone number for security purposes, and I'm always actually afraid to give my phone number. One, I just don't want random people calling me all the time. But how do you think about that? When is it valuable or maybe not so valuable? - Yeah, it's actually super important that when a site asks you for a security phone number that you provide it. I think most people would agree that they wouldn't hesitate to give their credit card company their phone number, because in the case of fraud, you do want them to contact you and to verify those charges so that, you know, you're not responsible for them, et cetera. In the same way, providing your phone number to these online companies gives a way for the companies to contact you in case that there's issues. In addition to that, the phone number itself is actually a security mechanism. So, for example, a lot of us on banking services, we've tried to log in and then the banking service would send us an SMS code sent to your mobile phone number, and then you're able to enter that, before you're even able to log in. And what that does is it actually prevents that fraud from even happening. And so instead of just the bank calls you because there's fraud, it's like, hey, let's prevent the fraud in the first place. - I have to say, that last point is very important. Like people think this is all theoretical. I, on not every day, that would really freak me out, but you know, several times in the past year, I get a little code like, you know, so and so was trying to log in to your account and there's a code. I'm like, "Oh, no!" Somehow, maybe someone broke in, or they're creating a new, I don't know what's going on, but the fact that I take comfort that they didn't get the code, that I got the code and they wouldn't be able to log in. And that kind of goes into, you know, is that what we're talking about when we're talking about two-factor authentication? That you have to have, you know, kind of two devices that, you know, say a hacker in a foreign country or a bad actor might not have access to? - Yes, absolutely. You're right that because that code was only sent to your phone number, it was not sent to that attacker. And so they cannot get in. They're stopped at that point. And also, if people don't like phone numbers, there's lots of different ways that you can do two-factor authentication. We can send prompts to your device. There's these things called security keys, some people might have heard of. There's a big variety.