An ever-increasing number of Web sites boost their security via two-factor authentication (2FA), which requires you to type in a short numeric code to complete a login after entering your username and password. It’s a big win because that code is generated on the fly and is good for only a short time (often 30 seconds). So even if your username and password were revealed in a data breach, your account is safe if you use 2FA. We recommend using it whenever possible.
You get these codes—usually six digits—in one of two ways. The most common is via an SMS text message to your iPhone, but you may instead be able to generate authentication codes with an app such as 1Password, Authy, or Google Authenticator, or LastPass. And yes, if you’ve followed our advice to use 1Password or LastPass as a password manager, their capabilities to generate and enter these codes is a nice bonus.