How much more secure would your online accounts be if every time someone tried to log in they had to plug in a USB key and enter your password? Or what if your Gmail required not only your username and password.

In this article, I explain why two-factor authentication is useful and how you can use it in a way that neutralizes those excuses. And don't worry. You won't have to buy a fancy new iris-scanning device to do it.

Online, you can prove your identity using one of three kinds of factors: something you are, something you have, or something you know. A username and password are something you know, and they're usually the first factor in two-factor authentication. The second factor could be a smartphone tied to a phone number that only rings for you. The phone number is something you and only you have. Text messages sent to that phone number with a six-digit code could be the second authenticator. Texting is one of the most common implementations of two-factor authentication. Other factors could be a fingerprint (something you are) or a small electronic token that generates a unique code every 60 seconds (something you have).

At the very basic level, two-factor authentication is safer than a username and password alone because, quite simply, it adds another factor. It means you need two keys to get in instead of one. That's good to know, but not very compelling, so let me explain why it works in practice.