After the Optus, Medibank, and Latitude breaches, cyber security has never been more relevant to everyday Australians. Two-factor authentication (2FA) is the single most effective way to protect your accounts, even if your password is stolen.
What Is Two-Factor Authentication?
Two-factor authentication means you need two things to log in:
- Something you know: your password
- Something you have: your phone or a hardware key
Even if a hacker steals your password in a breach, they still can’t get into your account without the second factor. It stops 99.9% of automated account takeover attempts.
Types of 2FA: Best to Worst
Best: Authenticator App
Apps like Google Authenticator, Authy, or Microsoft Authenticator generate a 6-digit code that changes every 30 seconds. Even if someone intercepts your SMS messages, they can’t get in.
Use this for: email, banking (if supported), social media, any account with financial or personal data.
Good: Hardware Key (YubiKey)
A physical USB key you plug in or tap. The most secure option. Overkill for most people but excellent for high-value accounts.
⚠️ Okay but vulnerable: SMS / Text Message
A code sent to your phone via SMS. Better than nothing, but vulnerable to SIM swapping, where someone convinces your carrier to transfer your number to their SIM. This is increasingly common in Australia following the Optus breach.
If SMS is the only option available, still use it. But upgrade to an authenticator app where possible.
Avoid: Email-based 2FA
Codes sent to your email are only as secure as your email account itself. If your email is compromised, this provides no protection.
How to Set Up 2FA on Your Most Important Accounts
Gmail / Google Account
- Go to myaccount.google.com
- Security → 2-Step Verification
- Choose “Authenticator App” and follow prompts
Apple ID
- Settings → [Your Name] → Password & Security
- Turn on Two-Factor Authentication
Facebook / Instagram
- Settings → Security and Login → Two-Factor Authentication
- Choose “Authentication App”
Commonwealth Bank
NetBank uses CommBank Secure, automatic 2FA built into the app. Ensure you have the latest app version.
myGov
- Sign in → Account Settings → Digital Identity
- Set up SMS verification (authenticator apps not yet supported)
What to Do If You’ve Been Breached
If your email and password were in a breach, enabling 2FA is the most urgent step, even before changing your password. Check what accounts have been exposed: Free breach check →
The 10-Minute 2FA Setup Checklist
- Download Authy or Google Authenticator
- Enable 2FA on your primary email (Gmail, Outlook, Apple Mail)
- Enable 2FA on your bank’s app
- Enable 2FA on Facebook and Instagram
- Enable 2FA on your Apple ID or Google Account
- Save backup codes somewhere safe
10 minutes. Blocks almost all automated account compromise attacks.