Protect all of your accounts with two-factor authentication
As with winter clothing, security is all about layers.
This post has been updated. It was first published on July 24, 2019.
Online security has never been more important, and if you think keeping all your accounts safe and secure is a big challenge, you’re definitely not alone.
But even if you feel comfortable with your passwords and you’ve managed to think of a different one for every account—an impressive feat to say the least—there are simple steps you can take to lay an extra layer of protection over your data. One of the most effective is enabling two-factor authentication (2FA) across all your apps and services.
How two-factor authentication works
The “two” is key in 2FA—it means that if someone wants to get into one of your accounts, they need not one, but two bits of information. A password counts as one, but it’s not enough. In addition to something you know—your password—two-factor authentication also requires “something you have.” This may be a code (sent to your phone via text message or from a code generator app) or a token you carry around with you, like a USB security key.
If you’re already dreading the idea and think this will make it too complicated to check your email every day, know that 2FA can be set to kick in only when you access your accounts from a new device. You can list your laptop and phone as “trusted devices” so they won’t prompt you to constantly look up codes or wait for texts when you log in from there. This can be comfortable but is also a great reason to protect your personal devices with strong PIN codes, passwords, and biometrics.
Two-factor authentication and two-step authentication are terms people often use interchangeably, and though they are very similar, they are not the same.
Two-step usually refers to two bits of similar information, like a passcode and a password, that you need to log into your account, and that you might get on the same device. Two-factor, meanwhile, typically requires two different devices or types of authentication, like a passcode and a fingerprint, making it much safer.
You only need to look at the number of data breaches that regularly hit the headlines to know how easily your password and email address can leak into the public domain. You can always take mitigating steps if one of these events affects you but, as with everything, pre-emptive action is the best option.
With 2FA, anybody who tries to log into your accounts using your credentials will need to provide a second bit of information they don’t have, so they won’t be able to get in. If this happens, platforms usually notify you of an unsuccessful attempt to access your account, which could be useful if you ever wonder about whether you need to take further steps to protect your data.
Still, using two-factor authentication doesn’t mean your accounts are suddenly unhackable or that you can let your guard down. Text messages can be intercepted, phones can be stolen, and it’s important that you think of 2FA as one part of an effective security strategy rather than a failsafe lock.
Setting up this extra layer of security across all your accounts is easy and shouldn’t take you long at all. It’s definitely worth a few minutes for some extra peace of mind.
Activating two-factor authentication in all of your accounts
Just about every major digital platform out there has a two-factor authentication option now. In some cases, you might actually get prompts to turn it on when you log in.
From your Google account on the web, click Security. Scroll down and under Signing in to Google, choose 2-Step Verification to start the setup process. You’ll be able to choose between receiving a code on your phone via SMS, getting a prompt on another of your devices, setting up an authenticator app, or a USB security key. The more methods you enable, the more chances you’ll have to recover your account in case you get locked out. Here you can also download a list of 10 single-use backup codes you can save in case you need to get into your account and all your other 2FA methods are unavailable.
If you have a Microsoft account, once you’ve logged in on the web, click Security and then Advanced security options—you can enable two-factor authentication from the next screen. Here, you’ll be able to choose from the same methods offered by Google, but you can also set up your account to send you a code over email to a secondary address of your choosing.
Microsoft accounts also let you go passwordless when using their authenticator app. Check out this guide where you can learn how to enable it.
For Apple accounts, there are a handful of ways you can turn on 2FA. If you’re on the web, you can sign into appleid.apple.com and click on Account Security. There, you’ll be able to add your phone number to receive a text or phone call with a code you’ll need in the future to access your account from a new device.
You can also enable two-factor authentication from your Apple devices. On your iPad or iPhone, open the Settings app, tap your name and then go to Password & Security. On macOS go to System Preferences, Apple ID, and then Password and Security. Once you get to that menu, tap or click on Turn on Two-Factor Authentication. You can also use your Apple devices using the same Apple ID to receive an automated code to help you with a new login.
2FA is also available on most social media accounts. Log into Facebook on the web, click the drop-down menu on the top right corner of the toolbar and click Settings and Privacy, and then Settings. On the right sidebar, go to Security and login and scroll down—under Two-Factor Authentication, click Edit to enable it. Follow the instructions and choose one or all of the 2FA methods Facebook has to offer: text message, authenticator app, security key, or recovery codes.
You can secure your Twitter account by enabling 2FA both on the web and on the app. On the web, click More on the left-hand sidebar and go to Settings and privacy. On the app, you can get to the same menu by tapping your avatar on the top left corner of the screen. Once you’re there, go to Security and account access, and then Security. Click or tap on Two-Factor Authentication to enable it and set up one or more methods.
When you access this menu from the web, Twitter also gives you the possibility to create temporary passwords, which will help you if you want to access your account on third-party apps but you don’t feel like revealing your credentials. To create one, just click on Temporary password, copy the code, and use it within one hour, after which, it will expire.
For Instagram, open the app, go to your profile tab and tap the menu button (three horizontal lines, top right). There, go to Settings, then Security, and finally tap on Two-Factor Authentication. On this menu, you can set up authentication apps and verification codes sent via text message. You can also link your Instagram account to your WhatsApp account so you can receive your codes through there—ideal if you’re abroad and only running on WiFi. To enable this option, make sure you’ve already enabled 2FA via text messaging and that the phone number associated with your accounts is the same. After that, just turn on the toggle switch next to WhatsApp and you’re set.
In Snapchat, tap the cog icon from your profile tab and you’ll see the Two-Factor Authentication option. The platform only offers 2FA through text messaging and authenticator apps, so we’d recommend you enable both in case you need to access your account and have no phone reception.
Open the TikTok app and on your profile tab, tap the menu button (three lines) on the top right corner of the screen, and go to Security and login. On the next screen, go to 2-Step Verification, and at the top, tap the Turn on button. TikTok has not elaborated a lot when it comes to the 2FA methods they currently offer their users, and at the moment of writing, you can only choose between getting a code sent to your email or to your phone via text message. Still, this is better than nothing, and hopefully, in the future, the platform will also add alternatives like prompts or authentication apps.
If you’re logged into the web platform, you can click your avatar, then Settings, Security, and Two-step verification. At first, you’ll only be able to choose between linking your account to an authenticator app or setting up codes via text messages. But once you pick one of the options, Dropbox automatically will show you a list of 10 backup codes to save, and give you the possibility to also set up a USB security key. You can also choose which will be your primary method for verification.
For WhatsApp, open the app and go to the main menu (three dots, top right). There, go to Account and then Two-step verification. At the bottom of the screen, tap Enable and follow the instructions. Meta’s messaging platform doesn’t give you too many options—the only 2FA method they offer is a secondary 6-digit code the app will require if you want to set it up on another device. Once you provide and confirm your code, WhatsApp will also ask you for an email address you’ll be able to use to recover your account in case you forget your code.
As you can see, two-factor authentication is just about everywhere and you should find the option fairly prominently displayed under any platform’s security options.
Where you won’t find two-factor authentication—at least not yet—is on media streaming services such as Spotify and Netflix. While we can’t speak for those services, it’s likely that the extra convenience of quickly switching between devices to listen to music or watch movies outweighs the security concerns of someone being able to binge-watch Stranger Things or listen to the complete works of Coldplay without your knowledge.
Where 2FA is available, switch it on, and pay attention to whatever backup login options there are (like security questions or a text message). After all, your accounts are only as strong as their weakest points.