Two-factor authentication, explained for the dinner table
The single best security habit you can give a kid, explained without a single technical word.
If you do one technical thing for your kid’s accounts this year, make it this one. And you can explain it in a sentence: a password is a key, and two-factor is a second lock that only your phone can open.
Here’s why it matters in plain terms. Passwords leak constantly — in breaches, in scams, in reused logins. When a password leaks, the account is wide open. Two-factor means that even with the password, a stranger still can’t get in, because the second step lands on a device they don’t have.
For a kid, this protects the things they’d actually be devastated to lose: their game account with years of progress, their social profile, their messages.
What to do, in order of strength:
Best: an authenticator app. A free app that generates a rotating code. Set it up once on their phone.
Good: a passkey or ‘sign in with’ the phone’s built-in security. Increasingly the default — take it when offered.
Fine: codes by text message. Weaker than the others, but vastly better than nothing.
Do it together, on their most-loved account first — the game, usually. That’s the one where the value is obvious to them, so the habit sticks. Then the lesson generalizes on its own: the account worth protecting is the one you’d hate to lose, and now they know how.