Passwords are a really important part of good cybersecurity: they are the keys to your cybersecurity locks. This is why we all need to use unique, long and strong passwords for each of our accounts. It can be very challenging to do this, which is where a password manager comes in really handy.

However, adding a second layer of security to your accounts is really important, to help protect you in case your password gets compromised (for example, if it is stored insecurely by the service provider and a criminal accesses it, as happened to Yahoo). This is where two-factor authentication (2FA) comes in. When you set two-factor authentication up, every time you access your accounts from a device that you don't regularly use, the website will prompt you to put in not just your username and password, but also a numerical code that is often sent to your mobile by SMS text message. This means that if one of your passwords is compromised and a criminal attempts to log into one of your accounts with it, they won't be able to get in without the code that has been texted to you. So, your account is better protected and, if you unexpectedly receive a 2FA code, then you know that your password has been compromised and you should change it. I highlighted "from a device that you don't regularly use" above, because it's an important point. Some people worry that 2FA will be a big inconvenience, but you don't receive a code every time you log into the accounts, just when you are logging in from a device that you haven't used before.

2FA is pretty effective, quite straightforward to set up and easy to use. There is some really helpful guidance on setting it up for many popular sites and apps here.