Two-factor verification is a method which confirms a user's identity by using two different components. For example, sites offering two-factor ID require a user name and a password - plus a secondary verification method (like sending a secret code to a user's mobile phone) to ensure the right person is logging in.
According to the National Cyber Security Centre's data security expert Markus Lintula says that in order to be secure online these days, people should be using at least two-step verification.
"It works like this, you log in with a password and then the site in question sends an SMS with a one-time code to your mobile phone, or the code is in an adjacent app on the phone," he says.
There are even tighter security measures used by some websites, called multi-factor verification, but Lintula says that it is rare that people even use two-step which is available on many popular sites requiring users to log in.
People unaware of two-step verification
Lintula says that people don't use the two-step method because often they are unaware of the possibility.
The most common websites like Google, Facebook, Twitter, Apple, Amazon and PayPal all use two-step in one form or another, but their use is not always loudly encouraged, he says.
"Everyone should be using it, as it costs nothing and significantly increases security," Lintula says.
About a month ago it was reported that some 500 million user names and passwords were leaked by a breach at Yahoo.com, and earlier this year news broke of another breach of the details of some 117 million Linkedin.com users.
Password systems imperfect, but continue to be used
Lintula still advises using unique passwords on each account, but that is not enough in itself.
Two-step verification is particularly important to use on email accounts, he says.
"All websites have that 'I forgot my password' button and when you click on it, the site sends you a new password or link which enables you to change it. And if a hacker has gotten into your email account, he can then take over all of your other accounts on the internet which are attached to that email address," Lintula says.
The security expert recommends that people take matters into their own hands to look for two-factor verification on the sites they use.
Nov 4: Corrected to 500 million user names.