Fitbit has introduced 2FA protection allowing you to add an extra layer of security for your account. Here’s everything you need to know.
What is 2FA?
2FA stands for two-factor authentication. It is also sometimes referred to as dual-factor authentication.
The clue is in the name. 2FA allows you to add more protection for sensitive data. It does require an extra step to log-in but at least you have peace of mind that your data will be safe.
Essential reading: Best fitness trackers and health gadgets
The second layer of security could be a third-party app, an SMS sent to your phone and similar. This will display a randomly generated and constantly refreshing code to use for authentication. The combination of that code and your password helps keep an unknown person from accessing your data. They might be able to guess your password but will not know the login code.
Passwords might seem safe and this is true to an extent. But such info can be compromised, particularly if you reuse the same password over and over. Plus there are key logging and other malware tools that can find their way to your machine and capture passwords as they are typed.
These days you can switch on 2FA for pretty much anything. Most email clients have them, as does bank software and anything really that contains personal data.
Why would I want 2FA on my Fitbit?
The 2FA protection is not for the smartwatch or fitness tracker on your wrist. It is meant to be used when logging into your online account, more precisely for the smartphone app. But why would you want this?
Well, there have been examples of Fitbit account profiles being hijacked. Some two years back the company suggested users consider changing your password to something secure and unique because of this.
Your Fitbit account contains sensitive info. If you use Fitbit pay, this is linked to a credit card and payment provider. The company says it is not possible for someone to access your credit card information via your Fitbit account, but that they’ve seen instances of attackers using account data to obtain a replacement device (per their warranty) and then selling it.
Whatsmore, if you use GPS for tracking, someone could potentially work out your street address in addition to name – so there’s a risk of identity theft. A house robber might use the info to try and determine when you are not at home. Reddit is littered with stories of Fitbit accounts that were compromised.
User data is valuable these days. Companies pay for that sort of information.
Never assume your information is safe just because you have a password. This is why enabling 2FA is a good idea.
How to use 2FA on to protect your Fitbit account
2FA has been sitting on the Fitbit suggestions page for about two years. The feature was finally introduced late last month.
Here are the steps that you’ll need to take in order to enable 2FA:
- Open the Fitbit smartphone app and choose the Today tab.
- Click on your profile picture.
- Choose Account Settings / Two Factor Authentication
- Pick the option to turn on Two Factor Authentication.
- Follow the instructions to enter your phone number. You’ll then get a SMS message that contains a verification code. You can link only 1 Fitbit account to 1 phone number.
- Enter the verification code where prompted in the app. Choose Confirm.
- You’ll then be asked to provide your Fitbit account password. Type this in and press Submit.
- The screen will show your recovery code. Store it somewhere as it allows you to bypass the SMS message. It could be useful in the future – for example if you lose your phone or change your phone number
- Press Done when finished.
From this point on, whenever you log into your account, you’ll get an SMS message with a code. The info will be necessary to access the smartphone app. If you enter the incorrect code several times in a row – your account will be locked for 24 hours.
Disabling 2FA can be done from the smartphone app. This also allows you to change the phone number associated with the account.
2FA has been long overdue and it is good news that Fitbit has finally come around to implementing it. An SMS offers a good secondary layer of protection. We hope to see Fitbit introducing 2FA support via third-party authenticator apps. This will make it more convenient to use than via SMS.
Even with 2FA enabled it is good practice to change your password from time to time. Passwords can be leaked online and you can check if this is the case by using a monitoring service such as haveibeenpwned.com. Also make sure to keep your computer free from malware by using anti-virus software.
If you find that your account has been compromised, make sure to change your password ASAP. If you are unable to log into your account contact Fitbit Support.
Like this article? Subscribe to our monthly newsletter and never miss out!