Main content
Course: Internet safety > Unit 1
Lesson 2: Ask Google: How do I keep my account safe?- How to keep your online accounts secure
- Why creating a strong password really matters
- Yes, you need a password manager. Here’s why.
- How adding your phone number and 2-factor authentication helps protect your account
- How can I review the security of my account?
© 2024 Khan AcademyTerms of usePrivacy PolicyCookie Notice
How adding your phone number and 2-factor authentication helps protect your account
Ever had to use a code that was texted to your phone to log into a website? Then you’ve used two-factor authentication. Learn more about why it’s so important, and how it creates an extra layer of security to protect your accounts and your information.
To learn more about how you can keep yourself safe while on the Internet, visit: internet-safety.khanacademy.org. Created by Sal Khan.
Want to join the conversation?
- Don't y'all think that giving your phone number to some website, you would either think its very safe with the 2 factor authentication or that their trying to steal your phone number?(10 votes)
- Good question! I think that a website having JUST your phone number isn’t as problematic compared to having your credit card number, address, etc.
The worst a hacker/scammer could do with your number would be to try and pretend to be large companies (for example, your bank account saying you owe a certain amount of money) but as long as you’re aware of those kind of scams, it isn’t particularly risky.(14 votes)
- Can you use an email? For verification...(10 votes)
- It depends on the platform. Google, Apple, and other large companies do support this. It is still safer to use a 2FA/MFA app or security key.(7 votes)
- if all your accounts are attached to google do they all get hacked if google gets hacked?(8 votes)
- MettaMax, sure!
The same with regular email providers, if scammers have access to your email, if they can receive and read messages -- they can restore and change passwords for each website/resource where that email was initially used.
That's why having 2-factor authentication is required, but also it's good practice to logout out of your mail providers, because as long as you logged in your browser stores authentication token which can be stolen under certain circumstances. For instance, like installing pirate game or soft, you actually may install a stealer that will copy and send away some sensitive data with tokens and cookies, if you don't have 2F enabled, scammers may eventually change your password without any additional verification.(2 votes)
- what do you do if someone hacks your account?(5 votes)
- If you suspect that your account has been hacked, the first thing you should do is change your password immediately. Choose a strong and complex password that includes a combination of letters, numbers, and symbols. You should also enable two-factor authentication if it is available to add an extra layer of security to your account. It is also important to review your account activity and check for any unauthorized access or suspicious activity. If you find anything suspicious, report it to the platform or service provider that manages your account.(6 votes)
- How do people know your gmail if they dont even know your password?(4 votes)
- Because they logged in to your account.(2 votes)
- Some jerk stole my mama's credit card when she gave birth to my little sister. Mama was able to stop the fraud, luckily.
KEEP YOUR CREDIT CARDS ON YOU!(3 votes) - I had a friend get their verizon account hacked and they were able to upload her information onto a new phone and get all her OTP and they tried to wire money..fortunately she was able to stop transfers..its called sim swapping. Not sure how to prevent this from happening…any advice?(3 votes)
- use an otp, like google authenticator or something, then you don't even have to give your phone number(2 votes)
- What should I do if I don't own a phone and therefore don't have my own phone number?(2 votes)
- Get a phone or use google voice(1 vote)
- good question hongbob cirlepants(1 vote)
Video transcript
- All right, Guemmy, so
sometimes sites ask for, like, a phone number
for security purposes, and I'm always actually afraid
to give my phone number. One, I just don't want
random people calling me all the time. But how do you think about that? When is it valuable or
maybe not so valuable? - Yeah, it's actually super important that when a site asks you
for a security phone number that you provide it. I think most people would agree that they wouldn't hesitate to give their credit card
company their phone number, because in the case of fraud, you do want them to contact you and to verify those
charges so that, you know, you're not responsible
for them, et cetera. In the same way, providing
your phone number to these online companies gives a way for the
companies to contact you in case that there's issues. In addition to that, the phone number itself is
actually a security mechanism. So, for example, a lot of
us on banking services, we've tried to log in and then the banking service
would send us an SMS code sent to your mobile phone number, and then you're able to enter that, before you're even able to log in. And what that does is it
actually prevents that fraud from even happening. And so instead of just the bank calls you because there's fraud, it's like, hey, let's prevent
the fraud in the first place. - I have to say, that last
point is very important. Like people think this is all theoretical. I, on not every day, that
would really freak me out, but you know, several
times in the past year, I get a little code like, you know, so and so was trying to
log in to your account and there's a code. I'm like, "Oh, no!" Somehow, maybe someone broke in, or they're creating a new, I don't know what's going on, but the fact that I take comfort that they didn't get the code, that I got the code and they
wouldn't be able to log in. And that kind of goes into, you know, is that what we're talking about when we're talking about
two-factor authentication? That you have to have, you
know, kind of two devices that, you know, say a
hacker in a foreign country or a bad actor might not have access to? - Yes, absolutely. You're right that because
that code was only sent to your phone number, it was not sent to that attacker. And so they cannot get in. They're stopped at that point. And also, if people
don't like phone numbers, there's lots of different
ways that you can do two-factor authentication. We can send prompts to your device. There's these things called security keys, some people might have heard of. There's a big variety.