Set up two-factor authentication on online accounts

Frequent news of security breaches of account details from popular websites reveal how vulnerable our online accounts are to hacking.  After numerous high-profile security leaks of passwords throughout last year, tech companies are now working together to develop a standard that would make passwords a thing of the past. User passwords have always been a chink in the armor of online security and there have been many attempts to replace them with more secure methods, such as biometric or PIN-based logins that do not require transferring data over the internet.

But while those standards are still being adopted, the next best way to secure your accounts is with two-factor authentication, or 2FA. This a process that gives web services secondary access to the account owner (you) in order to verify a login attempt. Typically, this involves a phone number and / or an email address. The 2FA works as follows: When you log into a service, you use your mobile phone to verify your identity by either clicking on a texted / emailed link, or by typing in a number sent by an authenticator app.

Authenticator apps are considered more secure than texting; in addition, they offer flexibility when you are traveling to a place without cellular service. Popular options include Authy, Google Authenticator, Microsoft Authenticator, or HDE OTP (iOS only). These apps mostly follow the same procedure when adding a new account: you scan a QR code associated with your account and it is saved in the app. The next time you log in to your service or app, it will ask for a numerical code; just open up the authenticator app to find the randomly generated code required to get past security.

While 2FA — via text, email, or an authenticator app — does not completely cloak you from potential hackers, it is an important step in preventing your account from being accessed by unauthorized users.

Here is how you enable 2FA on your various online accounts.

Google: The easiest way to turn 2FA on across your Google accounts (i.e., Gmail, YouTube, or Google Maps) is by heading over to the main 2FA landing page of Google and clicking Get Started. You will be asked to log in, then to enter a phone number; you can then choose whether you want to receive verification codes by text message or phone call. You can also choose to use prompts that allow you to simply click ‘Yes’ or ‘No’ when a login attempt occurs, or generate a security key link.

Microsoft: Log in to your Microsoft account and find the ‘Security settings’ menu. Look for the ‘Two-step verification’ section and click on the setup link. You will be walked through the steps needed to use your phone number. For  those times when you lack cell service, click ‘App passwords’ to generate a unique, one-time use password to log in.

Apple: For those using iOS 10.3 or later, you can enable 2FA on your Apple ID by going to Settings > [Your Name] > Password & Security. Turn on 2FA to receive a text message with a code each time you log in. For those using iOS 10.2 or earlier, the settings are under iCloud > Apple ID > Password & Security.

For macOS users, click the Apple icon on the upper left corner of your screen, then click System Preferences > iCloud > Account Details. Click on Security, and you will see the option to turn 2FA on.

You can then opt for Apple to send you a six-digit verification code by text message or a phone call. You can also set up a physical security key here.

Instagram: He popular app added 2FA to its mobile app in 2017, but now you can also activate it through the web. To activate 2FA on your mobile app, head over to your profile and click the hamburger menu on the upper right corner. Look for Settings, then Privacy and Security. The menu item for Two-Factor Authentication is located in the Security section. You can then choose between text message-based verification, a code sent to your authentication app, or one of Instagram’s pre-generated recovery codes. The last is most useful if you are traveling in a place where you lack phone service to receive texts.

To turn on 2FA using the web, log in and head to your profile. Next to your profile name, there is a gear icon next to the Edit Profile button. Clicking this will pop open a settings menu, where you can find the same Privacy and Security section as on the app. From here, you can turn on 2FA and, just as in the app, choose your method for verification.

Facebook: Accessing Facebook’s 2FA settings is bit different on the app and the web. You can access your privacy settings on the mobile app on both iOS and Android by clicking the hamburger icon on the upper right corner and scrolling down to the bottom to find the Settings & Privacy menu. Tap Settings > Security and Login. The 2FA option will be available under Setting Up Extra Security. You can then opt for a text message, an authentication app, or recovery codes for verification.

On the web, click the arrow next to the Help icon (a circle with a question mark inside) on the upper right side. Toward the bottom, you can find the Settings menu that can take you to the main page where you will find Security and Login on the left-hand side. Click on that, and then find the Two-Factor Authentication subsection.

Additionally, for apps that do not support 2FA when logging in with a Facebook account  you can generate a unique password specifically associated with that account. Just name the app, click generate, and save that password for the next time you have to log in.

WhatsApp: Open the Settings menu under the upper right hamburger icon. Look under Account > ‘Two-step verification’ > Enable. The app will ask you to enter a six-digit PIN to use as verification, and optionally add an email address in case you forget your PIN.

Having an associated email with your WhatsApp account is important since the service will not let you reverify yourself if you have used WhatsApp within the last seven days and have forgotten your PIN. So if you cannot wait a week to reverify for whatever reason, it is helpful to have entered an email address so you can log yourself in or disable 2FA.

TwoFactorAuth.org: For including 2FA to online accounts not listed above, visit the official website at TwoFactorAuth.org and check out the app or service you want to add 2FA to. The site links to every official guide for companies that support 2FA, and gives you the option to message the company on Twitter, Facebook, or email to add 2FA if it currently does not have it.