To combat against hackers from gaining access to a user’s online accounts, companies have started requiring users to enter more than just their password credentials. The two most common systems used are called two-step authentication and two-factor authentication. Mistakenly, people use these terminologies interchangeably; however, they are different. In fact, two-factor authentication is more secure than two-step authentication. Two-step authentication requires the user to first enter the correct password and then enter a one-time password (OTP) sent via email or SMS; a two-step, one-factor authentication. In this situation, a hacker could potentially gain access to the account with just the knowledge of both pieces of information. Two-factor authentication, on the other hand, requires the user to first enter the correct password and then approve the attempted sign in from a second device; a two-step, two-factor authentication. In this situation, the hacker could gain access to the account only with both knowledge of the password and physical possession of the second device. The distinction here is important for knowing how secure one’s private accounts really are.
