Are You Doing Two-Factor Authentication Right?

Irina Strelnikova/

You might think your account is secure, but it could still be up for grabs.

Combined with a strong password, two-factor verification is a highly recommended practice for those who want to stay secure online.

One of the most popular forms of two-factor verification requires correctly inputting a user name and password, plus an additional six-digit code sent via text message to a phone associated with the account.

But there are some problems with this method and some in the tech industry are beginning to move away from it. Google, for example, has been encouraging users to change how they receive the six-digit codes. Instead of through a text message, they would instead receive it through the Google app.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

Why the change? Security. Hackers can essentially steal that precious six-digit code by conducting a SIM swap that tricks mobile carriers into porting a phone number to a new device. All a hacker might need to do this is your phone number, which after years of online shopping and social media use could be all over the internet.

Despite the hassle of switching the way you do two-factor authentication, it's worth it according to the National Institute of Standards and Technology. Last year the agency released guidelines that discourage the use of SMS text messages for logins.

Tech users have options to move away from text message alerts: Google Authenticator, Microsoft Authenticator or Authy are all available for download.