Two-Factor Authentication (2FA)
A security method requiring two different forms of verification — something you know (password) and something you have (phone, security key) — before granting access.
Two-factor authentication (2FA) adds a second layer of security to your accounts. Even if someone steals your password, they cannot log in without the second factor — typically a code from your phone or a physical security key. It is one of the most effective steps you can take to protect your online accounts.
Types of 2FA
- SMS codes — a one-time code sent to your phone number (common but least secure due to SIM-swap attacks)
- Authenticator apps — apps like Google Authenticator or Microsoft Authenticator generate time-based codes on your device
- Push notifications — approve login attempts via a notification on your registered device
- Hardware security keys — physical USB/NFC devices (like YubiKey) that must be present to log in
- Biometrics — fingerprint or face recognition as a second factor
Priority Accounts to Protect
At minimum, enable 2FA on your online banking (Maybank2u, CIMB Clicks, etc.), email accounts, and social media. Malaysian banks already require TAC/OTP for transactions — but also protect your email, as a compromised email can be used to reset all other passwords.
Why SMS Alone Is Not Enough
While SMS-based OTP is better than no 2FA, SIM-swap scams — where criminals convince your telco to transfer your number to their SIM card — have been reported in Malaysia. For higher security, use an authenticator app or hardware key where possible, especially for business accounts.