Pretty much any account you own on the internet is susceptible to being hacked. After many widespread security breaches over the past years, many tech companies are now working together to develop standards that would make passwords a thing of the past, replacing them with more secure methods like biometric or PIN-based logins.
But while those standards are not yet commonplace, the next best way to secure your accounts is through multifactor authentication (MFA) or two-factor authentication (2FA). MFA and 2FA are terms that are sometimes used interchangeably, they mean very similar things. This a method that gives web services secondary access to the account owner (you) in order to verify a login attempt. Typically, this involves a phone number and/or an email address. This is how it works: when you log into a service, you use your mobile phone to verify your identity by either clicking on a texted/emailed link, or by typing in a number sent by an authenticator app. You may have been prompted to do this already when your bank recognizes you signing in from a new location for the first time, or after a long online absence. Many businesses have already implemented 2FA practices, but did you know, that you can set up 2FA to be the default on all of your personal accounts? Here's how to set up 2FA on some of the most popular applications and sites.
Two-factor authentication is currently offered to Apple users on iOS 9 or macOS X El Capitan or later.
The steps are slightly different depending on how updated your iOS software is. For those using iOS 10.3 or later, you can enable 2FA on your Apple ID by going to Settings > [Your Name] > Password & Security. Turn on 2FA to receive a text message with a code each time you log in.
For those using iOS 10.2 or earlier, the settings are under iCloud > Apple ID > Password & Security.
Click the Apple icon on the upper left corner of your screen, then click System Preferences > iCloud > Account Details. (You can shorten this step a bit by typing in “iCloud” using Spotlight.) Click on Security, and you’ll see the option to turn MFA on.
The remainder of the steps, from either iOS or Mac, are the same. You can opt for Apple to send you a six-digit verification code by text message or a phone call. You can also set up a physical security key here.
Instagram added 2FA to its mobile app in 2017, but now you can also activate it online through your desktop.
To activate 2FA on your mobile app, head over to your profile and click the hamburger menu on the upper right corner. Look for Settings, then Privacy and Security. The menu item for Two-Factor Authentication is located in the Security section.
From here, you can choose between text message-based verification, a code sent to your authentication app, or one of Instagram’s pre-generated recovery codes. The last is most useful if you are traveling in a place where you lack phone service to receive texts. To turn on 2FA using the web, log in and head to your profile. Next to your profile name, there is a gear icon next to the Edit Profile button. Clicking this will pop open a settings menu, where you can find the same Privacy and Security section as on the app. From here, you can turn on 2FA and, just as in the app, choose your method for verification.
The way to access Facebook’s 2FA settings is bit different on the app and the web (and Facebook tends to update both layouts often).
As of March 2019, you can access your privacy settings on the mobile app on both iOS and Android by clicking the hamburger icon on the upper right corner and scrolling down to the bottom to find the Settings & Privacy menu. Tap Settings > Security and Login. The 2FA option will be available under Setting Up Extra Security.
Like Instagram (they are part of the same company, after all), you can opt for a text message, an authentication app, or recovery codes for verification.
On the web, click the arrow next to the Help icon (a circle with a question mark inside) on the upper right side. Toward the bottom, you can find the Settings menu that can take you to the main page where you’ll find Security and Login on the left-hand side. Click on that, and then find the Two-factor Authentication subsection. You can also add a security key login through USB or NFC here.
If you prefer to not use 2FA each time you log in from the same device (say, your personal laptop or phone), you can also set up your trusted devices under the Authorized Logins menu. This will allow you to bypass 2FA for devices currently logged in to your Facebook account. If you’ve logged into Facebook on a foreign device — say, a hotel computer while you were on vacation — you can also revoke that access through this setting.
Additionally, for apps that don’t support 2FA when logging in with a Facebook account (such as Xbox and Spotify), you can generate a unique password specifically associated with that account. Just name the app, click generate, and save that password for the next time you have to log in.
Go to the Amazon homepage and log in. Hover over Accounts & Lists and click on Your Account. A box labeled Login & Security will be at the top of the page; click on that and then click the Edit button on Advanced Security Settings. (You can also navigate directly to that page by following this link.)
Click Get Started and Amazon will walk you through the process of registering your phone number, or you can opt to use your preferred authenticator app by syncing it through a QR code.
You can also activate 2FA on both the Android and iOS Amazon app by tapping the hamburger menu on the left side and finding Account > Login & Security. The same Advanced Security Settings should be available for you to edit and toggle on 2FA.
Once your phone number or authenticator app has been verified, you can select trusted devices to bypass 2FA or generate a code to log in via a mobile app.
The easiest way to turn 2FA on across your Google accounts (i.e., Gmail, YouTube, or Google Maps) is by heading over to the main 2FA landing page and clicking Get Started. You’ll be asked to log in, then to enter a phone number; you can then choose whether you want to receive verification codes by text message or phone call. You can also choose to use prompts that allow you to simply click “Yes” or “No” when a login attempt occurs, or generate a security key link.
You can also generate backup codes for offline access. Google generates ten at a time and they’re designed to be single-use, so once you’ve successfully used one, cross it out (assuming you’ve printed them out) as it will no longer work.