Sign up for our newsletter ⟩
News |

Finnish data security expert urges everyone to use two-factor verification online

With major websites regularly leaking the data of millions of people around the world, personal online security has never been more important. A security expert at the National Cyber Security Centre of Finland says that everyone should use be using two-factor verification for websites and online apps whenever possible.

Sormet pimeällä näppäimistöllä.
Image: Artur Marciniec / AOP

Two-factor verification is a method which confirms a user's identity by using two different components. For example, sites offering two-factor ID require a user name and a password - plus a secondary verification method (like sending a secret code to a user's mobile phone) to ensure the right person is logging in.

According to the National Cyber Security Centre's data security expert Markus Lintula says that in order to be secure online these days, people should be using at least two-step verification.

"It works like this, you log in with a password and then the site in question sends an SMS with a one-time code to your mobile phone, or the code is in an adjacent app on the phone," he says.

There are even tighter security measures used by some websites, called multi-factor verification, but Lintula says that it is rare that people even use two-step which is available on many popular sites requiring users to log in.

People unaware of two-step verification

Lintula says that people don't use the two-step method because often they are unaware of the possibility.

The most common websites like Google, Facebook, Twitter, Apple, Amazon and PayPal all use two-step in one form or another, but their use is not always loudly encouraged, he says.

"Everyone should be using it, as it costs nothing and significantly increases security," Lintula says.

About a month ago it was reported that some 500 million user names and passwords were leaked by a breach at, and earlier this year news broke of another breach of the details of some 117 million users.

Password systems imperfect, but continue to be used

Lintula still advises using unique passwords on each account, but that is not enough in itself.

Two-step verification is particularly important to use on email accounts, he says.

"All websites have that 'I forgot my password' button and when you click on it, the site sends you a new password or link which enables you to change it. And if a hacker has gotten into your email account, he can then take over all of your other accounts on the internet which are attached to that email address," Lintula says.

The security expert recommends that people take matters into their own hands to look for two-factor verification on the sites they use.

This link at has a list of sites offering two-step verification. The site offers detailed instructions in English about how to activate two-step verification online.

Nov 4: Corrected to 500 million user names.

Latest in: News


Our picks