Jannik, 39: Gambling is his thing. Sometimes he even gambles with the security of his data.*

I've been into this since the Atari 7800 and have collected every major console. I have never had any problems. Sure, sometimes a pirated copy may have crashed from time to time or a processor burned out. But no one has ever been able to access my console from the outside.

That changed recently.

My current gaming machine is obviously connected to the Internet - it's the only way I can gamble online with my mates or download the latest games without going to the shop. All I needed was an e-mail address, a strong password and my credit card. I set up the account and was good to go: every time I start the console, it automatically logs into the user account; digital purchases are just as easily to debit from my account.

I often had debits on my bank statements from these purchases and other online shopping but yesterday I noticed that a total of €1,344 had been spent with various Internet retailers using my credit card! At the same time, I checked the Internet for the latest news and saw a report that several million passwords had been leaked from the developer of my console.

So I called their hotline; they advised me to block my account at my bank, set new passwords and file a complaint. I discovered that they have been offering what is known as two-factor authentication for about three years. That would have protected my credit card data...

After the call, I did some research online on what this complicated-sounding concept actually means. The BSI website explained that all I had to do was set up a second security level; this would then require a quick e-mail confirmation every time I logged in, and the criminals would not have had a chance.

If only I had known about this earlier. I've been unlucky this time round. The police don't think I'll get my money back because the perpetrators operate from abroad and the channels they use can't be traced. I was too complacent and let my guard down in terms of security - now I probably won't be able to afford the next-generation console when it is released.

Find out how two-factor authentication works and why it is recommended in the video:

Set up two-factor authentication

As the name suggests, this login procedure incorporates two factors. The first factor is usually a password; something only you know. The second factor can be a finger print or a code sent by e-mail, SMS or created by a TAN generator. It uniquely identifies you because it has a biometric feature or is linked to something you possess.

For hackers and criminals, this makes it very difficult for them to gain access to other people's accounts. If they steal passwords, for example, they still cannot log into an account secured this way because they lack the corresponding fingerprint, for example. With a two-step login, you create a safety net that offers protection if the first barrier has been overcome.

• Check the settings of your user accounts to see if this function is available and activate it where possible.
• Additional protection is particularly recommended for sensitive data, such as payment information, device access or company accounts.
• The factors should always originate from more than one device. So you should not confirm payments with the device you use to initiate the transfer, for example. This makes it much more difficult for criminals to intercept your second factor.

In addition to banks, you can set up two-factor authentication or a two-step login for almost all major Internet service providers.

*Fictitious use case