Enable SMS-based 2FA as a minimum baseline

If an authenticator app feels too complicated, enable SMS-based 2FA as a starting point. The service sends a text message with a code each time you log in from a new device. While not as secure as an authenticator app, SMS 2FA blocks the vast majority of automated attacks.

Why It Works

SMS 2FA stops attackers who have your password but not your phone. It blocks automated credential-stuffing attacks, which account for the majority of account compromises. Any 2FA is dramatically better than no 2FA.

Tips

• SMS 2FA is vulnerable to SIM-swapping attacks, so upgrade to an authenticator app for critical accounts
• Use SMS 2FA for lower-risk accounts where convenience matters more
• Never share verification codes with anyone who calls or texts you asking for them
• Consider upgrading to app-based 2FA over time as you get comfortable