So why two-factor verification is still unpopular? Sure, it creates an extra step to take to log in, but most users omit it not because of this extra time and effort, but because they are afraid of losing access to their credentials if something goes wrong with their authentication devices. It also complicates man-in-the-middle and man-in-the-browser attacks. Thus, two-factor authentication protects from brute force, keyloggers, most cases of phishing and social engineering.
If you use two-factor verification, an intruder would need to get both the unique password you came up with, and the gadget, which produces the verification codes, to break into your account. In the contemporary world, where database leaks are a standing affair, two-step authentication is not an option, it is, in fact, a must. Our regular readers know that we strongly recommend applying two-step verification wherever it’s possible.