(Credit: Dashlane)

Knowing that your app accounts are secure and not just anyone can access them is a critical aspect of cybersecurity--and implementing two-factor authentication is an important step.

Two-factor authentication (2FA) is a way to confirm a user's identity by asking for two pieces of evidence. For example, combining a password with a security question, a code texted to your phone, or a 2FA app like Authy (Android, iOS), Google Authenticator (Android, iOS), or Microsoft Authenticator (Android, iOS).

Dashlane, a password manager app (Android, iOS), ranked 34 top consumer websites in the US to see how their 2FA stacked up, or if they had it at all. The program found that 76 percent of the top sites do not offer a full set of 2FA.

SEE: Best apps for securing Android and managing privacy settings

Dashlane used a point system to judge a site's 2FA security. A site got one point for text or email authentication, one point for software tokens like Google Authenticator or Authy, and three points for hardware tokens like Yubikey or U2F. The maximum score could be 5/5.

Only eight companies or 24 percent of companies passed for their US 2FA settings. Bank of America, Dropbox, E*Trade, Facebook, Google, Stripe, Twitter, and Wells Fargo had a 5/5 score. Best Buy, NextDoor, TaskRabbit, and ZocDoc received the lowest scores, offering users no 2FA options.

Companies like Airbnb, American Express, Chase, Discover, Citibank, LinkedIn, Mint, Venmo, and Yahoo got a one-star rank. Sites like Instagram, Apple, Amazon, Capital One, GoDaddy, Slack, WhatsApp, and others got two stars ranking.

"Through the course of our research we found that information on 2FA is often presented in a way that is unclear, making it difficult for consumers to confirm 2FA offerings," Emmanuel Schalit, CEO of Dashlane said in a press release.

Schalit went on to say that Dashlane's researchers had to omit a number of websites from their research because the information regarding 2FA wasn't clear.

"It's reasonable to conclude that many consumers are not taking full advantage of the security options available to them due to this lack of transparency," Schalit said.

Dashlane only evaluated the 2FA options of a site's desktop browser. The 2FA available on the site's mobile apps, mobile browsers, or desktop apps was not examined.

"It is fitting that we decided to share the results of this research near Halloween because in the wake of recent data breaches and hacks, there should be nothing scarier to an organization than the thought of risking their customers' valuable data," Schalit said. "We want to educate the public about the benefits of an addition like two-factor authentication so that they can demand the latest innovations in security from the companies serving them."

Without 2FA, accounts are vulnerable to attacks. Passwords are only one form of protection, and only if they're strong enough. 2FA helps protect users against easy-to-guess passwords and brute force attacks.

While it does take a moment longer to log in, it could be argued that it's worth a few more seconds if you're not at less risk for having your accounts hacked or data stolen.

FOLLOW Download.com on Twitter for all the latest app news.


  1. A new report from Dashlane found that 76 percent of popular consumer websites have lackluster two-factor authentication or don't use it at all.
  2. Websites like Best Buy, NextDoor, TaskRabbit, and ZocDoc offered no two-factor authentication at the time of this report, while other leading services don't implement 2FA based on cybersecurity best practices.

Also see

Shelby is an Associate Writer for CNET's Download.com. She served as Editor in Chief for the Louisville Cardinal newspaper at the University of Louisville. She interned as Creative Non-Fiction Editor for Miracle Monocle literary magazine. Her work appears in Glass Mountain Magazine, Bookends Review, Soundings East, and on Louisville.com. Her cat, Puck, is the best cat ever.