Don’t turn on two-factor authentication

Before you require a second factor to log in to your accounts, you should understand the risks, have a recovery plan for when you lose your second factor(s), and know the tricks attackers may use to defeat two-factor authentication.

~ Stuart Schechter from,

I repeat: Do not enable two-factor authentication until you understand how it works and what you are doing. You know who is usually locked out of your car, house, etc., right? You are!

This is a great article surveying a myriad of things you should consider before enabling two-factor security. Yes, it is more secure, but that means it is also more likely that you’ll lock yourself out, permanently.


Are you currently really good at keeping track of passwords and security questions?
Do you use a unique password for every service and web site?
…are the answers to your security questions completely random things you made up and stored in your security system, or did you really use your easily-learned mother’s maiden name?
…and is your “security system” not Post-its on your monitor, but rather a real, secure system?

And how about…

Do you have a system in place to give your beneficiaries access to your stuff—and ways to permanently lock-and-destroy things you don’t want passed along?

…if not, then turning on two-factor is not a good idea. You’re about to make things even more complicated when you are currently not doing the basic things well. Instead of blindly enabling two-factor authentication, you should move off of the bell curve and stop being an easy target.

Step one: Learn how to use a password manager like 1Password or LastPass, and start using unique passwords.