It’s been far too long in the making, but Fitbit has finally started to roll out 2-factor authentication (2FA) to accounts. By all reports, the rollout is in its early stages and only available to selected users with particular devices. It makes a lot of sense for a company like Fitbit to do this; after all, you’re providing a lot of data (activity, location and general health) to their system.

There is still a bit of a problem with the way Fitbit is doing this, though: it’s text-based 2FA. Of course, it’s better than nothing. The issue with text-based 2FA is that “stealing” a mobile number is a common way that identity theft occurs. With critical accounts sending 2FA codes to your mobile, that’s a problem, and it is where items like a Yubikey stand out.

As yet, none of our — the Ausdroid Team — accounts have had a prompt to add 2FA, but according to 9to5Google the process is simple:

  • You’re prompted to add your phone number
  • Directed through the app to turn on 2FA
  • You’ll receive a verification code

Given our increasingly online lives, turning on 2FA for anything that offers the feature is surely a necessity. Will you be enabling 2FA on your Fitbit account once it becomes available?