Just about any account you own on the internet is prone to being hacked, and one of the easiest ways to add an extra layer of security is to enable two-factor authentication. Also known as two-step verification or 2FA, the process gives web services a second way to reach the account owner (you!) in order to verify a login attempt. Typically, this involves a phone number and / or an email address.
While 2FA doesn’t totally cloak you from potential hackers, it is an important step in preventing your account from being accessed by unauthorized users. Here’s how to enable 2FA on your accounts across the web.
Editor’s note, January 23rd, 2019: If you own a Nest camera, you might want to activate 2FA right away. There has been a recent string of “hacks” where existing, compromised passwords are being reused to scare Nest Cam owners. We’re resurfacing this how-to today with instructions on how to do that. Note that other brands of cameras do not currently seem to support 2FA.
2FA is currently offered to Apple users on iOS 9 or macOS X El Capitan or later. (We don’t make the rules!)
The steps are slightly different depending on how updated your iOS software is. For those using iOS 10.3 or later, you can enable 2FA on your Apple ID by going to “Settings” > [Your Name] > “Password & Security.” You can turn on 2FA to receive a text message with a code each time you log in.
For those using iOS 10.2 or earlier, the settings are under “iCloud” > “Apple ID” > “Password & Security.”
Click the Apple icon on the upper left corner of your screen then click “System Preferences” > “iCloud” > “Account Details.” (You can shorten this step a bit by typing in iCloud on Spotlight.) Click on “Security,” and you’ll see the option to turn 2FA on.
The remainder of the steps, from either iOS or Mac, are the same. You can opt for Apple to send you a six-digit verification code by text message or a phone call.
Even though you can access Instagram from a web browser, at this time you can only turn on 2FA from its mobile app. Head over to your profile and click the hamburger menu on the upper right corner. Under the Account section, you should see “Two-Factor Authentication.” Toggle “Require Security Code” on to receive a text message with a login code to your account’s phone number each time you sign in.
Under the hamburger menu on mobile apps or the upper right side on a web browser, click “Settings” > “Security and Login,” or go to https://www.facebook.com/settings?tab=security. Under the section “Use two-factor authentication,” you will have the option of registering your phone number to receive a code each time you log in, or have Facebook send a push notification to your phone to authorize or deny the login attempt.
Here, you can also set up a Security Key to log in through USB or NFC, or pre-generate a Recovery Code in case you’re traveling abroad where you will not have cell service.
If you prefer to not use 2FA each time you log in from the same device (say, your personal laptop or phone) you can also set up your trusted devices under the “Authorized Logins” menu. This will allow you to grant access to bypass 2FA for devices currently logged in to your Facebook account.
On either the Twitter mobile app or browser version, click your profile avatar and find the “Settings and privacy” menu. Under “Account” > “Security” (or https://twitter.com/settings/account, as a shortcut), you can toggle on “Login verification” to make Twitter text your phone number a code to log in.
Just like other services mentioned above, you can generate a backup code to use when you’re traveling and will be without internet or cell service, or even create a temporary app password that you can use to log in from other devices. The temporary password expires one hour after being generated.
Go to the Amazon homepage and log in. From your Account homepage, find “Login & Security” and click the edit button on “Advanced Security Settings.” To set up, click “Get Started” and Amazon will walk you through registering your phone number, or you can opt to use your preferred authenticator app by syncing it through a QR code.
Once verified, you can select trusted devices to bypass 2FA or generate a code to log in via a mobile app.
The easiest way to turn 2FA on across your Google accounts (i.e., Gmail, YouTube, or Google Maps) is by heading over to the main 2FA landing page and clicking “Get Started.” You’ll be asked to log in then enter a phone number before selecting to receive verification codes by text message or phone call. Like Facebook, you can also choose to use “prompts” that allow you to simply click “Yes” or “No” when a login attempt occurs, or generate a Security Key with a USB stick.
Here, you can also generate backup codes for offline access. Google generates 10 at a time and they’re designed to be single-use, so once you’ve successfully used one, cross it out as it will no longer work.
From the app’s main page, tap the gear icon and look for “My Account,” followed by “Login Verification.” Select SMS to receive a code for each time you log in. Once 2FA has been enabled on your Snapchat account, you can add trusted devices or request a recovery code for when you’re planning to be somewhere without cellular service.
To enable 2FA, you’ll need to access the “Account Settings” page from either 1) clicking on your username on the upper left corner to open a drop-down menu > “Profile & Account” > clicking the gear icon, 2) clicking on your own username from the chat window and selecting “Open account settings,” or 3) heading to my.slack.com/account/settings. The second option under your username should be to enable 2FA.
From here, if you have multiple email addresses, you may need to select a default one before moving on to picking whether you’d like to receive a passcode by SMS or through an authenticator app. More on that at the bottom of this post. After you verify your account with a six-digit code, 2FA will be enabled.
Log in to your Microsoft account and find the “Security settings” menu. Choose to set up 2FA and you’ll get walked through the steps with your phone number similarly to the process outlined for all other services above. For when you lack cell service, click “App passwords” to generate a unique, one-time use password to log in.
From your Dropbox homepage on the web, click your profile avatar and find “Settings” > “Security.” Scroll down a bit to find “Two-Step Verification,” which shows the status of your 2FA. Click to turn the feature on, then enter your phone number to verify.
Open up WhatsApp, and find the Settings menu. Look under “Account” > “Two-step verification” and hit enable. You can enter your phone number just like everything else on this list, or choose to input your email as an alternative place to receive the verification code.
Having an associated email with your WhatsApp account is important since the service won’t let you reverify yourself if you’ve last used WhatsApp within seven days and forgot your PIN. So if you can’t wait a week to reverify for whatever reason (lost phone, can’t remember your PIN), it’s helpful to have an email to log yourself in or disable 2FA. In the same vein: be cautious of emails encouraging you to turn off 2FA if you didn’t request it yourself.
On the main dashboard, click the gear icon and find “Profile and settings.” PayPal doesn’t explicitly call the feature out as “Two-Factor Authentication” so you’ll need to look for “Security Key.” Click this to set up what’s basically your 2FA by entering your phone number, verifying with the SMS code, and continuing as normal.
If you lose your phone, change numbers, or decide to revoke authorization rights, come back to this menu in the same steps outlined before to make adjustments.
Considering some of the hack scares that have been hitting the news lately, it’s a good idea to add two-step verification to your Nest smart home system.
Nest first suggests that you make sure that you have the latest version of its app on all of your devices. Then, on the home screen, go to “Settings” > “Account” > “Managing account” > “Account security,” and select two-step verification. Toggle the switch to on. A series of prompts will ask for your password, phone number, and the verification code that will be sent to your phone.
Keep in mind that all of your devices will be automatically signed out, so you’ll have to sign in again using the two-step verification.
If your family members don’t have their own logins and have been using yours, it’s a good idea to set them up with separate logins using Family Accounts. Otherwise, when they try to log on using two-step verification, the necessary code will be sent to your phone, not theirs.
For everything else not listed here, we recommend using authenticator apps to keep track of verification codes so you can get them without requiring cellular service. This is useful for when you’re traveling abroad and have access to only the internet. Popular options include Authy, Google Authenticator, or HDE OTP (iOS only). These apps follow mostly the same procedure when adding a new account: scan a QR code associated with your account, and it will save it in the app. The next time you need to log in, just open up your app to find the six-digit code required to get past security.
These extra steps are great for adding a layer of security on all your accounts, but remember that you should be changing and updating your passwords regularly even with 2FA enabled, just to stay in tip-top shape.
Update January 23rd, 2019 12:15PM ET: This article was originally published June 19th, 2017 at 8:29AM ET. It has been updated to include smart home security.