When we log in somewhere, we usually enter a username and password. Very often, the username is an email address or can be replaced by it. This part is therefore relatively easy to guess. If someone then finds out the password, the account is hacked.
Two-factor authentication was invented to solve this problem. The best-known example of this are SMS-based systems, where a code is sent to the user’s cell phone. We are all familiar with this process from online banking. When logging in, you have to enter both your password and the code. This makes access more secure.
With two-factor authentication, access is secured by an additional query that is independent of the username/password system. This can be a numerical code provided by an app or an external device, or a biometric feature such as fingerprint or facial recognition. Without this additional factor, no one can log in, even if they know the username and password.
Two-factor authentication is important if personal and sensitive data is stored in an account. 2FA is already mandatory for online banking, but you should also secure payment services accordingly.
Additional security measures are also advisable for email accounts and social media profiles. The main reason for this is that private details are disclosed here. Identity theft often starts with attackers targeting accounts that are easy to crack. They then work their way from one account to the next.
Last but not least, the admin access to your website deserves special protection. If a criminal takes over an administrator account, it can cause a lot of damage.
Further reading: What exactly do we need to protect our websites from?