Two-Factor Authentication: What is It and How Does it Work?

There are many ways that you can protect yourself on the internet, and one of the things you can do is begin using two-factor authentication.

two-factor authentication

You have likely seen two-factor authentication even if you don’t totally know what it is. For example, if you do your banking online, your bank might send a code to you via text or email. Or when you try to change your password you might receive some form of a confirmation to make sure it’s you. This is exactly what two-factor authentication is…it’s an extra step you take that confirms you own the account. This makes it harder for a criminal hacker to get into your account. Not only does a hacker need a password to get into the account, but with two-factor authentication, they also need access to your email account, a keyfob or your smart phone.

Sites That Have Two-Factor Authentication

Most major websites offer two-factor authentication. You can find help setting these up, below:

Apple ID

You can set up two-factor authentication on your iPhone, iCloud, or iPad:

  • Click “Settings,” “Security,” and finally choose “Turn on two-factor authentication.”
  • Enter your phone number
  • Check your texts, and then enter the code. That’s it.


  • Log into your Facebook account and then click “Settings” before clicking “Security and Login.”
  • Click on “Use two-factor authentication,” and then click on “edit.”
  • Choose the method. There are a number of options including apps, texts, and code generators.
  • Instructions will appear on screens
  • Click on “Enable.”


You can also set up two-factor authentication for Google accounts, including Gmail.

  • Navigate to Google. Here, you can find two-factor authentication.
  • Click on “Get started.”
  • Follow the instructions that appear on screen to turn the feature on.


  • Sign into your Yahoo account
  • Click on “Account security.”
  • Check to make sure “two-step verification” is clicked to “On.”
  • Type in your phone number and choose phone call or text message
  • Input the code, and then click “Verify.”


If you have an Instagram account, you can also set up two-factor authentication:

  • Log into your Instagram account.
  • Go to your profile and click on the operating system you use.
  • Scroll down until the “two-factor authentication” option appears.
  • Click “Require security code.”
  • Insert your phone number, and then click “Next.”
  • A code will be sent to your phone. Put it into Instagram, and then click “Next.”


If you have Twitter, you can use two-factor authentication, too, but there are different steps to take depending on how you get onto your account. For instance, it’s different on a laptop when compared to an iPhone. You can check out the Help Center to learn more about seeing up two-factor authentication.

Here are some more sites that allow two-factor authentication. Click on the links for more information:





With billions of records stolen, it is likely a criminal not only has your username for various accounts, which is often a simple email address, but they also might have your pass code for various accounts. Currently, the only real and true way to keep them out is with two factor authentication. And while some will debate that two factor authentication is far from full proof, it really is the best option that is easy to use and offers a comprehensive layer of defense.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Synthetic Identity Theft: What Is It?

You might know what identity theft is. It’s when someone takes someone else’s personal and private information so that they can get something out of it…namely, money. What you might not know is what synthetic identity theft is. The goal is the same, but it’s a little different.

Synthetic Identity Theft

In the case of synthetic identity theft, a person makes up a new and fake identity by mixing up information from a real person with information that they create. You might not immediately see that this is a bad thing, but it can be pretty devastating.

Here are three ways that hackers can create a synthetic identity:

They Can Create a New Credit Profile

By far, the most common way that the bad guys use a synthetic identity is to create a new credit profile. Basically, they use a valid Social Security number, which they take from the victim, and pair it with a made-up name. Then, they start applying for credit with this information. Typically, these applications will get denied, but during this process, a credit profile is created. Even with poor credit, there are companies that give credit to people with bad credit, so the hackers know they can get a few hundred dollars out of this which can turn into a few thousand dollars or more.

They Can Piggyback

Another thing that people do with synthetic identity is a practice known as the piggyback. At a basic level, they look for individuals with great credit, and then they access their account. When they do this, they add a fake person as an authorized user. However, they don’t use this account. Instead, they bide their time and let it sit. While they wait, the major credit card agencies create a report of this synthetic identity, and the criminal hacker can use this new, great credit profile to apply for loans and credit cards.

They Practice Data Furnishing

Finally, they might use data furnishing. This is an effective, sophisticated method, and it requires someone else to help. Basically, the hacker needs access to someone like a manager or a small business owner from an established business. The company is already well-known, and it is approved to offer info on their customers…which they give to the hackers. A setup like this takes several months to set up, but once it is established, it can make the thieves a lot of cash.

Currently, it’s difficult to pinpoint how much financial impact these synthetic identities have, although it is thought that it could be billions of dollars in losses. For someone who gets into the business of identity theft, this could mean billions of dollars. Thankfully, there are a number of things that you can do to protect yourself, including being careful about what type of information you are sharing, especially when it comes to social media. Also, consider a credit freeze and ID theft protection, and make sure that you check your credit report regularly.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Use Facebook or YouTube if You Want to be a Criminal

When you start thinking about a cybercriminal, you probably imagine a sleezy looking person in a dark room wearing a black hoodie, right? They are likely browsing the dark web and maybe surrounded by empty high energy drinks. However, that’s not how most cybercriminals look. Most look just like a normal person, and they are hiding in plain sight.

They are organized, they function like any profitable business, they have hierarchies, employees and even a business plan.

Criminals can easily create Facebook groups or YouTube channels, and then they start participating in cybercrimes, which include buying and selling information from credit cards, spamming/phishing tools, or even accessing logins and passwords. Some of these groups have thousands of members.

This might not sound like a lot, but it is. You also have to consider the fact that Facebook as approximately 2 billion people logging into the site every month. With that amount of people, it can be difficult for the company to deal with this type of infiltration.

Facebook removes these cybercriminals, but it tells us that the mega corporation is having a difficult time keeping bad behavior at bay. This is a game of whack a mole. They keep popping up like mushrooms or weeds. These groups also includes share false information, hate speech, and incite violence. It also shows how this behavior is amplified by Facebook’s or YouTubes algorithms.

Finding these groups or channels is easy. All you have to do is search for “spam” or ‘CVV,” “dumps”, “skimming” or search a variety of “white supremacy” terms and then join. Once you join these groups, the algorithms come into play and suggest even more groups that are similar. The truth is, these sites  don’t have a good way to catch these criminals, and it relies on user reports to police the bad behavior.

Since this is the case, tech companies have a long way to go before it can stop relying on user reports. There is also the fact that oftentimes, these reports are not taken seriously, so even valid reports can fall through the cracks.

One example of this is with the terrorist attack in Christchurch, New Zealand in 2019. The gunman actually streamed the attacks on Facebook Live. Though Facebook took the video down, eventually, thousands of people were able to see it before it disappeared. Facebook claims that there were no reports of the video, which is why it took so long to take it down…though that is difficult to believe.

The one bright spot is that Facebook has admitted that there is an issue, and it understands that these groups were in violation of its own policies. The company also said that it knows that more vigilance is required and that it is working on investigating more criminal activities that are reported.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Is Your Spouse Cheating? Your Kids Lying? They Might Use a Vault Application

If you have a child who has a smartphone or a spouse who is acting suspicious, they might be hiding things on their mobile devices. How are they doing this? By using a vault application.

Basically, these apps offer a place where people can hide things like videos, photos, and other files, and you would probably never realize it by looking at their phones.

vault application

Vault application – how does it work?

A vault application is basically little storage app where people can store things they want to hide. Some of them are called “Calculator Vault,” “Ky-Calc,” and “Calculator Percent.” Unsurprisingly, if you were to open these apps, they simply look like a calculator.

In fact, you can use them as a calculator. But, if a secret code is put into the app, you can store things. For example, “Ky-Calc” allows users to store images, keep a separate contact list, and it even has a hidden internet browser.

If you are like most people you probably don’t want your kids to hide things from you, but at the end of the day, the real danger is hiding in the vault application. Yes, apps like these are commonly found on the phones of sneaky kids and spouses, they also are popular for predators. These are people who begin to engage with your kids online, and then ask your kids to download these apps… and then, they can communicate with them without you realizing it.

Here are some things that you should know about vault applications:

  • Vault apps are not very safe. Though they might seem safe, people can easily take a screen shot, and then share it with someone else.
  • These apps look just like other apps. Typically, they are calculators, and they even work like calculators, but they are accessed with a secret code.
  • If you look at a person’s phone and they have two or more calculator apps on the phone, there is probably something weird happening. All smart phones have a calculator on them, so why would you need another?
  • Vault apps are usually free, and they are quite easy to find in the App Store or the Google Play Store. People find them by searching for “hidden apps,” “photo vault,” or even “ghost apps.”
  • You may also be shocked to learn that teens often have competitions with their friends to see what type of content they can hide on these apps without getting caught.
  • Most people who use a mobile phone know what a vault application is, and even kids as young as 12-years old or younger use them.

If you are a parent, or even if you think your spouse is acting strange, you should start looking into the mobile devices of those in your family. There should be an open and honest discussion about this, and it shouldn’t be a taboo subject, especially when it comes to a loved one.

Quite frankly, your kids shouldn’t expect total privacy until they are 18 years old. With a spouse, it’s respect for each other. If you don’t have trust with your kids or spouse, there is an issue.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.