How to Set up Two-factor Authentication on Your Online Accounts

Just about any account you own on the internet is prone to being hacked. After numerous widespread breaches through the past years, tech companies are now working together to develop a standard that would make passwords a thing of the past, replacing them with more secure methods like biometric or PIN-based logins that do not require transferring data over the internet.

Photo: Naked Security

But while those standards are still being adopted, the next best way to secure your accounts is two-factor authentication, or 2FA. This a process that gives web services secondary access to the account owner (you) in order to verify a login attempt. Typically, this involves a phone number and / or an email address. This is how it works: when you log into a service, you use your mobile phone to verify your identity by either clicking on a texted / emailed link, or by typing in a number sent by an authenticator app.

Apple

Two-factor authentication is currently offered to Apple users on iOS 9 or macOS X El Capitan or later.

iOS

The steps are slightly different depending on how updated your iOS software is. For those using iOS 10.3 or later, you can enable 2FA on your Apple ID by going to Settings > [Your Name] > Password & Security. Turn on 2FA to receive a text message with a code each time you log in.

macOS

Click the Apple icon on the upper left corner of your screen, then click System Preferences > iCloud > Account Details. (You can shorten this step a bit by typing in “iCloud” using Spotlight.) Click on Security, and you’ll see the option to turn 2FA on.

Instagram

Instagram added 2FA to its mobile app in 2017, but now you can also activate it through the web.

To activate 2FA on your mobile app, head over to your profile and click the hamburger menu on the upper right corner. Look for Settings, then Privacy and Security. The menu item for Two-Factor Authentication is located in the Security section.

From here, you can choose between text message-based verification, a code sent to your authentication app, or one of Instagram’s pre-generated recovery codes. The last is most useful if you are traveling in a place where you lack phone service to receive texts.

Facebook

The way to access Facebook’s 2FA settings is bit different on the app and the web.

As of February 2019, you can access your privacy settings on the mobile app on both iOS and Android by clicking the hamburger icon on the upper right corner and scrolling down to the bottom to find the Settings & Privacy menu. Tap Settings > Security and Login. The 2FA option will be available under Setting Up Extra Security.

Like Instagram you can opt for a text message, an authentication app, or recovery codes for verification.

On the web, click the arrow next to the Help icon (a circle with a question mark inside) on the upper right side. Toward the bottom, you can find the Settings menu that can take you to the main page where you’ll find Security and Login on the left-hand side. Click on that, and then find the Two-Factor Authentication subsection. You can also add a security key login through USB or NFC here.

Paypal

On the main Summary page, click the gear icon and find the Security tab. Look for the section called “2-step verification” and click on the Set-Up link. You’ll get a choice to have a code texted to you or use an authenticator app.

Google

The easiest way to turn 2FA on across your Google accounts (i.e., Gmail, YouTube, or Google Maps) is by heading over to the main 2FA landing page and clicking Get Started. You’ll be asked to log in, then to enter a phone number; you can then choose whether you want to receive verification codes by text message or phone call. You can also choose to use prompts that allow you to simply click “Yes” or “No” when a login attempt occurs or generate a security key link.

Twitter

On either the Twitter mobile app or browser version, click your profile avatar and find the “Settings and privacy” menu. On the left-hand menu, go to Account. Look for the Security subhead, click on “Set up login verification,” and follow the directions.

Once you’re all set up, Twitter will then text a code number to your phone number when you want to log in. Recently, Twitter has also added security key support.

As with other services mentioned above, you can generate a backup code to use when you’re traveling and will be without internet or cell service.

If you have a verified Twitter profile, you may see the option to create a temporary app password that you can use to log in from other devices. This can be used to log into third-party apps if you have them linked to your Twitter account. Note that the temporary password expires one hour after being generated.