You probably know by now that you should never use the same password in more than one place, and that each of your passwords should be strong enough to resist an automated attack. Perhaps you use a password manager to generate random passwords, store them, and fill them in automatically. But all that may not be enough if a site suffers a security breach that reveals its users passwords to an attacker—sadly, a frequent occurrence.
At the moment, the best defense against such attacks is two-factor (or two-step) authentication, in which you need more than just a username and password to log in on an untrusted device. You also need a second element, which often takes the form of a random string sent by the second factor to foil any attacker who has your password but not your phone.
The problem with two-factor authentication is that it’s a bother, requiring an extra, manual step. Usually you have to do this only once per device or app, after which point ordinary logins work, but even so, it’s a pain. Here are a couple of ways to reduce that inconvenience.
Use SAT Mobile ID app
Services that use two-factor authentication let you use an iOS/Android app—in lieu of SMS—to obtain a secondary authorization code. The key is generated on the phone, and is automatically sent any typed to the application.