A reader has a question about my recommendation that you enable 2-factor authentication whenever possible.

Two-factor authentication simply means that there are two steps you must go through to log into an account. Often times you’ll enter a password, then be sent a special code to via text, phone call, or email and enter that code to get into your account. Many times you’ll only have to get that code if you’re logging in from a different device or an unusual location. For example, if someone in Florida tried to log into my email account they’d have to request a code. That code would be sent to the email address or phone number that I have set up. Or there might be a security question to answer. I prefer the code because a hacker might be able to guess your security question. You can click here to learn more about it. 

two-factor-square

He writes:

Just skimmed your article about Two-Factor Authorization. I have been using it for some time now. Another newsletter writer, Bob Rankin, recommended it back in 2015. However, last August he came out with an article pointing to a flaw. 

I read that article but was not convinced it’s that bad. A couple of months ago when he had mentioned the problem again I emailed him and said I didn’t understand why he was recommending against it. His response was, essentially, it’s better than nothing.
Well…it still makes sense to me. If you have any input to the problem he mentions, could you please include it in your coming articles? 
It’s a good question. The gist of the article in questions is that choosing to receive codes by text message is a less secure method of Two-factor authentication than receiving codes via email or using authentication apps like the ones offered by Google and Microsoft.  If you want to read the full article by Mr. Rankin, you can click here. 
I don’t disagree with him. Text message technology is not as secure as using most email or authentication apps. It is possible that someone could figure how to intercept a text message. If you have the option of an alternative email address or an authentication app, you could choose to go with it to be extra secure.
However, not everyone has a smartphone or is comfortable using an app. Not all accounts offer the option of using an authentication app. Sometimes, a text message code is your only option. And taking that option is a thousand times more secure than not securing your account with two-factor authentication.
The larger point he’s making, is that security for SMS text messaging hasn’t necessarily kept up with the times, is a valid one. But that’s like saying that seatbelt technology could be a lot better. Even if that’s true, you still need to fasten yours until something better comes along.