To enhance the safety of your online presence you should arm your online accounts (email, social media etc) with a security process known as Multi-Factor Authentication (MFA) or also referred to as Two-Factory Authentication (2FA). MFA/ 2FA creates extra security layers between the you and the account you are trying to access by requiring two or more separate steps to verify their identity. These ‘steps’ can be broken down into three main categories*:
Something you know: password, PIN, security questions, username, etc.
Something you have: smartphone, One Time Password (OTP), token, etc.
Something you are: biometrics (fingerprint, facial/voice recognition), etc.
*A 4th authentication layer may restrict access according to the user’s location or time of login
For example: In the event a hacker correctly guesses your password i.e. something you know, MFA will require an additional step for the user to prove their identity. Maliciously gaining control of someone’s account becomes much more difficult if one of your authentication steps require a token physically possessed by the proper user.
Thanks to the folks at Verge for compiling this list for Multi Factor Authentication on various platforms.
Two-factor authentication is currently offered to Apple users on iOS 9 and later or macOS X El Capitan and later.
The steps are slightly different depending on how updated your iOS software is. For those using iOS 10.3 or later, you can enable 2FA on your Apple ID by going to Settings > [Your Name] > Password & Security. Turn on 2FA to receive a text message with a code each time you log in.
For those using iOS 10.2 or earlier, the settings are under iCloud > Apple ID > Password & Security.
Again, steps are slightly different depending on your version of macOS. If you’re using Catalina, click the Apple icon on the upper-left corner of your screen, then click System Preferences > Apple ID. Click on Password & Security under your name, and then select “Turn On Two-Factor Authentication.”
For Mojave and earlier, after you click the Apple icon, click System Preferences > iCloud > Account Details. (You can shorten this step a bit by typing in “iCloud” using Spotlight.) Click on Security, and you’ll see the option to turn 2FA on.
The remainder of the steps, from either iOS or Mac, are the same. You can opt for Apple to send you a six-digit verification code by text message or a phone call. You can also set up a physical security key here.
Instagram added 2FA to its mobile app in 2017, but now you can also activate it through the web.
To activate 2FA on your mobile app, head over to your profile and click the hamburger menu on the upper-right corner. Look for “Settings” > “Security,” where you’ll find a menu item for Two-Factor Authentication.
Here, you can choose between text message-based verification or a code sent to your authentication app.
To turn on 2FA using the web, log in and head to your profile. Next to your profile name and the Edit Profile button, there is a gear icon. Clicking this will pop open a settings menu, where you can find the same Privacy and Security section as on the app. From here, you can turn on 2FA and, just as in the app, choose your method for verification.
The way to access Facebook’s 2FA settings is a bit different on the app and the web (and Facebook tends to update both layouts often).
You can access your privacy settings on the mobile app on both iOS and Android by clicking the hamburger icon on the upper-right corner and scrolling down to the bottom to find the “Settings & Privacy” menu. Tap “Settings” > “Security and Login” and scroll down to “Use two-factor authentication.”
Like Instagram (they are part of the same company, after all), you can opt for a text message or an authentication app.
On the web, click the down arrow in the upper-right corner, and select “Settings & Privacy” > “Privacy Shortcuts.” Look for the “Account Security” heading and click on “Use two-factor authentication.”
If you prefer to not use 2FA each time you log in from the same device (say, your personal laptop or phone), you can also set up your trusted devices under the Authorized Logins menu. To find it from the original down arrow, select “Settings & Privacy” > “Settings” and then, from the menu on the left, “Security & Login” > “Authorized Logins.” This will allow you to bypass 2FA for devices currently logged in to your Facebook account. If you’ve logged into Facebook on a foreign device — say, a hotel computer while you were on vacation — you can also revoke that access through this setting.
Additionally, for apps that don’t support 2FA when logging in with a Facebook account (such as Xbox and Spotify), you can generate a unique password specifically associated with that account. Just name the app, click generate, and save that password for the next time you have to log in.
On the Twitter mobile app, tap your profile avatar and find the “Settings and privacy” menu. Go to Account and look for the Security subhead. Click on “Two-factor authentication” and follow the directions.
On the web, click on “More” in the left-hand menu and find “Settings and privacy” > “Account.” (Or you can just follow this link.) Select “Security” > “Two-factor authorization.”
Once you’re all set up, Twitter will either ask for verification through an authentication app, or you will text a code number to your phone number when you want to log in. Twitter has also added security key support. (Security keys can’t be used with the mobile apps.)
As with other services mentioned above, you can generate a backup code to use when you’re traveling and will be without internet or cell service.
If you have a verified Twitter profile, you may see the option to create a temporary app password that you can use to log in from other devices. This can be used to log in to third-party apps if you have them linked to your Twitter account. Note that the temporary password expires one hour after being generated.
Go to the Amazon homepage and log in. Hover over “Accounts & Lists” and click on “Your Account.” A box labeled “Login & Security” will be at the top of the page; click on that and then click the Edit button on “Two-Step Verification (2SV) Settings.” (You may be asked to reenter your password first.) You can also navigate directly to that page by following this link.
Click Get Started, and Amazon will walk you through the process of registering your phone number, or you can opt to use your preferred authenticator app by syncing it through a QR code.
You can activate 2FA on both the Android and iOS Amazon app by tapping the hamburger menu on the left side and finding “Your Account” > “Login & security.” The same “Two-Step Verification (2SV) Settings” selection should be available for you to edit and toggle on 2FA.
Once your phone number or authenticator app has been verified, you can select trusted devices to bypass 2FA or generate a code to log in via a mobile app.
The easiest way to turn 2FA on across your Google accounts (i.e., Gmail, YouTube, or Google Maps) is by heading over to the main 2FA landing page and clicking “Get Started.” You’ll be asked to log in then select your mobile device from a list. (If you have an iPhone, you may have to download a separate app.) Google will try to send a message to that phone; if it succeeds, you will be asked to enter a phone number; you can then choose whether you want to receive verification codes by text message or phone call. Again, Google will try out your chosen method.
After that, Google will first send prompts that allow you to simply click “Yes” or “No” when a login attempt occurs. If that doesn’t work, it will send the text message or phone call.
You can also generate backup codes for offline access. Google generates 10 at a time and they’re designed to be single-use, so once you’ve successfully used one, cross it out (assuming you’ve printed them out) as it will no longer work.
From the app’s main camera screen, tap your profile icon and find the gear icon to access your settings. Select “Two-Factor Authentication” and choose whether to receive a text message verification or hook it up to your authenticator app.
Once 2FA has been enabled on your Snapchat account, you can add trusted devices or request a recovery code for when you’re planning to be somewhere without cellular service. Unlike other services on this guide, Snapchat does not seem to currently support security key logins.
To enable 2FA, you’ll first need to find the Account Settings page. There are two ways to access this:
- Click on your username on the upper-left corner of the Slack app to open a drop-down menu and select “View profile.” Your account information will now display on the right side of the chat window. Under your avatar and next to the “Edit Profile” button, click the three-dotted icons for additional actions, and find “Account settings.”
- Head straight to my.slack.com/account/settings
Once on the Account Settings page, you should see the option for turning on 2FA under Password. If you do not see this available, however, check whether your Slack account is for work. Some employers may use single sign-on services that bypass the need for 2FA, which eliminates this from Slack’s Account Settings page.
If this is a personal Slack, however, then click “Expand” on “Two-Factor Authentication” to verify your information by an SMS or authenticator app. If you have multiple email addresses, you may need to select a default one before you can decide on your preferred 2FA method.
Log in to your Microsoft account and find the “Security settings” menu. Look for the “Two-step verification” section and click on the setup link. You’ll be walked through the steps needed to use your phone number, similar to the process outlined for the other services. For when you lack cell service, click “App passwords” to generate a unique, one-time-use password to log in.
From your Dropbox homepage on the web, click your profile avatar and find Settings; then go to the Security tab. Find Two-Step Verification; it will tell you the status of your 2FA. Toggle to turn the feature on and choose to receive 2FA through a text or your authenticator app.
Open up WhatsApp, and find the Settings menu under the upper-right hamburger icon. Look under “Account” > “Two-step verification” > “Enable.” The app will ask you to enter a six-digit PIN to use as verification and optionally add an email address in case you forget your PIN.
Having an associated email with your WhatsApp account is important since the service won’t let you reverify yourself if you’ve used WhatsApp within the last seven days and have forgotten your PIN. So if you can’t wait a week to reverify for whatever reason, it’s helpful to have entered an email address so you can log yourself in or disable 2FA. In the same vein: be cautious of emails encouraging you to turn off 2FA if you didn’t request it yourself.
On the main Summary page, click the gear icon and find the Security tab. Look for the section called “2-step verification” and click on the Set Up link. You’ll get a choice to have a code texted to you or use an authenticator app. (PayPal also offers to find you an authenticator app if you want one.)
If you lose your phone, change numbers, or decide to revoke authorization rights, come back to this menu to make adjustments.
Note that the interface is different if you use PayPal as a business account. From the main Summary page, click the gear icon to be taken to the Settings page. Under Login and Security, look for the Security Key option to add your phone number or a security key as your 2FA method.
Smart home products like Nest are not exempt from getting hacked — in fact, Nest now strongly encourages its users to enroll in 2FA. For Nest, make sure your app is up to date on all of your devices. Then, on the home screen, go to Settings > Account > Manage account > Account security, and select two-step verification. Toggle the switch to on. A series of prompts will ask for your password, phone number, and the verification code that will be sent to your phone.
Keep in mind that all of your devices will be automatically signed out, so you’ll have to sign in again using the two-step verification.
If all your family members don’t have their own logins and have been using yours, it’s a good idea to set them up with separate logins using Family Accounts. Otherwise, when they try to log on using two-step verification, the necessary code will be sent to your phone, not theirs.
Like with Nest, make sure your Ring app is up to date. Swipe over from the left, then go to “Account” > “Two-Factor Authentication” (you’ll find it under “Enhanced Security”). Tap the big “Turn on two-factor” button. A series of prompts will ask for your password, phone number, and the verification code that will be sent to your phone.
From then on, you’ll need both your password and an SMS verification code whenever you want to log in to Ring from a new device.
Click your profile icon on the upper-left side and find “Privacy.” Look for “Registration Lock” to require your PIN (which you were asked for when you originally registered) to be entered each time you re-register your phone number. Signal requires your PIN to be at least four digits long, and up to a maximum of 20 digits.
When you first enable Registration Lock, Signal will ask you to type in your PIN in the first six and 12 hours after being enabled. The company says this is designed to help you to remember it through random repetition. So after the first day, it will ask you to enter it in the next day, then in three days, and finally one last time after a full week.
If you happen to forget your PIN and can’t log in to Signal, you will have to wait seven days of inactivity for your registration lock to expire, after which you can log in to your app again to set up a new PIN. Those who are already actively using Signal won’t have to worry about the Registration Lock resetting, as that clock only starts when the app isn’t open.