The Importance of Two-Factor Authentication

[Image: two padlocks on one rusty door latch. Credit: Niels Andersen on Flickr (cc)]

Our development team is spending the early part of 2025 making a series of under-the-hood improvements to our two-factor authentication (2FA) platform. We wanted to take the opportunity to summarize our 2FA features and why you should consider enabling them on your Commons account, if you haven’t already. For anyone unfamiliar, 2FA (as the name implies) adds a second layer of login security on top of simply entering a password. It is one of the best ways to protect yourself in an increasingly sophisticated world of hackers and cyberthreats.

What does 2FA look like in practice? After entering your user name and password, you are prompted for a second verification method. This will often be, for example, a one-time code sent to your account email or generated by a third-party authentication app. Only after providing this second code, and authenticating through a separate device or trusted platform, is access granted to your account. This overview on our help site walks through the steps for editing and enabling security settings and 2FA on the Commons.

2FA is one of the best ways to increase data security and digital privacy. If anyone illicitly obtained your user name and password, they would also have to gain control of your second verification method in order to log in, which drastically reduces their chances of causing any trouble. In 2019, 2FA research from Google and partner universities found that common forms of 2FA “can block up to 100% of automated bots, 99% of bulk phishing attacks, and 66% of targeted attacks that occurred during our investigation.” The FTC has provided a convincing overview of 2FA, and CUNY has posted an overview of how to use Microsoft for similar verification purposes on university platforms.

And remember: the simpler and easier to remember your password is, the easier it is to exploit and compromise. If you would like to further protect your digital privacy, we’d recommend that you consider forgoing traditional password entry entirely, and especially avoid using the same password across multiple platforms. A password manager is a user-friendly, increasingly common way to use diverse and complex passwords everywhere they are required. Visit our Commons Help site to check out our password best practices and a few examples of free password managers.

Thanks for your time and attention to this, and stay safe out there!
