New research from Google finds that two-factor authentication, which adds an additional step in your usual log-in process by sending a unique code to a device you own, is the greatest defense between a hacker and your online account data.
In a blog post, Google says that it teamed up with New York University and the University of California, San Diego, in a year-long study, to “find out just how effective basic account hygiene is a preventing hijacking.” And, Google’s data showed having a text message sent to a person’s phone prevented 100 percent of automated bot attacks that use stolen lists of passwords against login pages and 96 percent of phishing attacks that try to steal your password.
Additionally, device-based challenges, such as a text message or an on-device prompt, helped prevent the most common kind of mass-scale attacks.
Although two-factor codes sent via text message can be intercepted by semi-skilled hackers, it’s still better than not using two-factor authentication at all. According to Google, only a security key, designed to protect the most sensitive accounts, prevented both automated bot and phishing attacks but also highly targeted attackers, typically associated with nation states.
Adding a recovery phone number to your account and setting up the most basic two-factor authentication can greatly improve your cyber security.