By Princess Jones
A couple of weeks ago, I got a panicked IM from a friend. Her Gmail account was sending out spam messages she hadn’t sent. She used it for her freelancing business, so she was obviously freaked out about it being taken over for nefarious purposes.
After I got her to stop typing in all caps, I went over the Google account security checkup with her. We realized that she was logged in at her own computer at home as well as one in El Salvador and one in the Ukraine. We changed her password, deleted all of her authorizations, and logged her out of everywhere else. The spam messages stopped.
Before we finished up, I suggested that she sign up for two-step authentication to make rogue sign-ins less likely to happen. Even though just a little while earlier my friend was in near tears over a security breach, she had all of the excuses in the world about why she couldn’t use two-step authentication. Most of them were myths.
Myth #1: Your apps and accounts probably don’t support it.
You’d be surprised what’s available to you. Many companies don’t exactly advertise two-step authentication to their users. You don’t find out it’s available until you have suspicious activity. But most major companies offer it, including Google, Apple, Mailchimp, etc. In fact, Mailchimp wants you to use it so much, it offers a discounted monthly fee if you add it to your account.
Myth #2: It takes a long time to set up.
Remember the friend I was trying to help? She must have spent a good ten minutes explaining why she couldn’t set up two-step authentication. When I finally convinced her to do it, it took us less than four minutes to get her set up. Even if it had taken us twenty minutes to set up, it would have been worth it to make her account that much more secure.
Myth #3: You have to use it every time you log into your accounts.
If this were true, it would make the whole process incredibly inconvenient. Fortunately, that’s not how it works. Generally, you only have to complete the two-step authentication once on each device.
I work from three different computers and log into my bank account from all three. But if I have to log into it from another computer, I’ll need both my password and the code that comes as a text message.
Some programs prefer to limit the time span for authentication. Mailchimp’s authentication only lasts for two weeks, but there are others that last for a month at a time.
Myth #4: It means you don’t need to worry about your passwords anymore.
This is the biggest myth of them all. Two-step authentication works with your password, not instead of it. You still need strong, private passwords. You still need to keep your devices in secure places, because if someone were to get hold of your unlocked laptop as well as your unlocked phone, accessing your accounts would still be possible.