CollinsTwo Factor Authentication: Any account you have on the internet is vulnerable to being hacked. Following a series of high-profile data breaches in recent years, tech companies have been collaborating to create a standard that would make passwords obsolete, replacing them with more secure methods such as biometric or PIN-based logins that do not require data to be transferred over the internet.
However, while such standards are still being accepted, two-factor authentication, or 2FA, is the next best option to secure your accounts. This is a method that offers the account owner (you) secondary access to web services in order to verify a login attempt. This usually includes a phone number and/or an email address. This is how it works: when you log in to a service, you use your phone to verify your identity by either clicking on a texted/emailed link or punching in a number supplied to you by an authenticator app.
AUTHENTICATOR APPLICATIONS: WHAT ARE THEY?
Texting is regarded as less secure than using authenticator apps. They also provide flexibility when traveling to a location where a cellular connection is unavailable. Authy, Google Authenticator, Microsoft Authenticator, and Hennge OTP are all popular solutions (iOS only). When adding a new account, most of these apps use the same process: you scan a QR code associated with your account, and it is saved in the app. When your service or app asks for a numerical code the next time you log in, simply launch the authenticator app to find the randomly generated code required to pass past security.
While two-factor authentication (by text, email, or an authenticator app) may not totally protect you against hackers, it is a vital step in preventing unauthorized people from accessing your account. Here’s how to add two-factor authentication to all of your online accounts. (The services are listed in alphabetical order.)
AMAZON
Log in to Amazon.com’s home page. Hover your mouse over “Accounts & Lists” and select “Account.” At the top of the screen, there will be a box labeled “Login & security,” so click that and then the “Edit” option on “Two-Step Verification (2SV) Settings.” (You may be prompted to retype your password.) You can also go straight to that page by clicking on this link.
Click “Get Started,” and Amazon will lead you through the process of registering your phone number or connecting your preferred authenticator app with a QR code.
On both the Android and iOS Amazon apps, press the three-line “hamburger” menu on the left side and select “Your Account” > “Login & security” to enable 2FA. You should be able to edit and toggle on 2FA using the same “Two-Step Verification (2SV) Settings” selection.
You can choose trusted devices to avoid 2FA or generate a code to log in using a mobile app once your phone number or authenticator app has been validated.
APPLE
Apple users can use two-factor authentication on iOS 9 and later, as well as macOS X El Capitan and later.
IOS
Depending on how recent your iOS software is, the instructions will alter significantly. Go to “Settings” > [Your Name] > “Password & Security” > “Two-Factor Authentication” > “Two-Factor Authentication” > “Two-Factor Authentication” > “Two-Factor Authentication” > “Two-Factor Authentication” > “Two-Factor Authentication” > “Two-Factor Authentication” When you enable 2FA, you’ll get a text message with a code every time you log in.
If you’re running iOS 10.2 or earlier, go to “iCloud” > “Apple ID” > “Password & Security.”
MACOS
The instructions vary significantly depending on the version of macOS you’re using. If you’re on Catalina or later, go to the upper-left corner of your screen and click the Apple icon, then “System Preferences” > “Apple ID.” Select “Turn On Two-Factor Authentication” under “Password & Security” under your name.
READ ALSO: Apple announces iPadOS 15 with homescreen and multitasking improvements
After clicking the Apple symbol on Mojave or earlier, go to “System Preferences” > “iCloud” > “Account Details.” (You can abbreviate this step by using Spotlight to type in “iCloud.”) You’ll find the option to enable 2FA under “Security.”
The rest of the instructions are the same whether you’re using an iPhone or a Mac. You can choose to get a six-digit verification number via text message or phone call from Apple. Physical security keys are not supported by macOS system preferences, although you may be able to set one up using the security key’s software if you choose to use one.
DROPBOX
Go to the “Security” tab from your Dropbox homepage on the web by clicking your profile avatar and selecting “Settings.” Locate “Two-Step Verification,” which will inform you of the status of your two-factor authentication. Toggle the feature on and select whether you want to receive 2FA through text or your authenticator app.
The app and the web have slightly different ways of accessing Facebook’s two-factor authentication settings (and Facebook tends to update both layouts often).
On the mobile app, touch the hamburger icon in the upper-right corner (Android) or the lower-right corner (iOS) to access your privacy settings, then scroll down to the bottom to find the “Settings & Privacy” menu. Select “Use two-factor authentication” from the “Settings” > “Security and Login” menu.
A text message, an authenticator app, or a security key are all options.
On the web, select “Settings & Privacy” > “Privacy Shortcuts” by clicking the down arrow in the upper-right corner. Look for the heading “Account Security” and select “Use two-factor authentication.”
Additionally, for apps that do not support two-factor authentication, You can generate a unique password exclusive to that account while entering in with a Facebook account (such as Xbox or Spotify). Select “Settings & Privacy” > “Settings” from the initial down arrow, and then “Security and Login” > “App passwords” (under the “Two-Factor Authentication” subhead) from the menu on the left. You’ll be able to name the app, click generate, and save the password for the next time you need to log in after submitting your Facebook login. You can choose specific iterations of the program (say, on your laptop) where you can forgo the login code under the same “Two-Factor Authorization ” subhead.
FITBIT
Fitbit only recently integrated 2FA — in fact, the feature was still rolling out as this was written — but we haven’t seen it yet, so we can’t verify these steps. However, assuming you have access to the new feature, here’s how you use it:
To enable 2FA for your Fitbit, go to your app’s “Today” tab and then press on your profile image. Turn on 2FA by going to “Account Settings” > “Two Factor Authorization.” Fitbit will text you a verification code, which you must input along with your password to gain access. (Unfortunately, Fitbit does not offer an authenticator app and instead relies on SMS messages for authentication.)If you lose or change your phone, Fitbit provides you with a recovery code. The firm suggests that you keep that code secure; if you lose it, you may receive a new one by turning off 2FA in the app and then turning it back on again.
Going to the main 2FA landing page and selecting “Get Started” is the simplest approach to enable 2FA across all of your Google accounts (e.g., Gmail, YouTube, or Google Maps). You’ll be prompted to check-in before selecting your mobile device from a drop-down menu. (You may need to download a second app if you have an iPhone.) If Google is able to send a message to that phone, you will be prompted to provide a phone number, after which you will be given the option of receiving verification codes through text message or phone call. Google will try out your chosen strategy once more. When a login attempt is made, Google will initially send prompts to your phone, allowing you to simply select “Yes” or “No.” If it doesn’t work, a text message or phone call will be sent. You can also create backup codes for use when you’re not connected to the internet. Google generates ten codes at a time, and they’re meant to be used once, so once you’ve used one, cross it out (assuming you’ve printed them) because it won’t work again.
Instagram launched two-factor authentication to its mobile app in 2017, but you can now use it on the web as well.
On your mobile app, go to your profile and pick the hamburger menu in the upper-right corner to enable 2FA. Look for a menu item for “Two-Factor Authentication” under “Settings” > “Security.”
You have the option of using text message verification or having a code issued to your authenticator app.
Log in to Instagram, click on your profile symbol in the upper-right corner, and select “Settings” from the drop-down menu to enable 2FA. When you click this, a settings menu will appear, with the same “Privacy and Security” section as the app. From here, you may enable 2FA and select your verification method, just like in the app.
MICROSOFT
Log in to your Microsoft account and select “Security settings” from the drop-down menu (there are several ways to get there; click on the link for the easiest). Find the “Two-step verification” area and click the “Setup” option. You’ll be guided through the steps for using the Microsoft Authenticator app or another authentication tool. You’ll also be able to create passwords for apps that don’t support two-factor authentication.
NEST
Smart home devices, such as Nest, are not immune to hacking. Current Nest customers will have signed in with their Google accounts and will be using Google’s two-factor authentication feature (see above).
You may still be able to utilize 2FA if you haven’t yet migrated your existing Nest account to your Google account. Select two-step verification from the home screen’s “Settings” > “Account” > “Manage account” > “Account security.” Toggle the switch to the on position. Your password, phone number, and the verification code that will be given to your phone will be asked for in a sequence of prompts.
Keep in mind that you’ll have to sign in again using two-step verification because all of your devices will be automatically signed out.
If all of your family members don’t have their own logins and have been using yours, it’s a smart idea to use Family Accounts to set them up with their own. If they try to log in using two-step verification, the required code will be delivered to your phone rather than theirs.
PAYPAL
Click the gear button on the main Summary page and select the “Security” option. Look for the “2-step verification” section and click the “Set Up” link. You’ll have the option of having a code emailed to you or using an authenticator app. (If you desire, PayPal will help you find an authenticator app.)
Return to this menu to make changes if you lose your phone, change your phone number, or decide to remove permission rights.
If you use PayPal as a business account, you’ll notice that the interface is different. Click the gear icon on the main “Summary” page to go to the “Settings” page. Look for the “Security Key” option under “Login and Security” to add your phone number or a security key as your 2FA method.
RING
Make sure your Ring app is up to date, much like your Nest app. Swipe over to the left, then select “Account” > “Two-Step Verification” (under “Account Security”). Turn on two-factor authentication by pressing the large “Turn on two-factor authentication” button. Your password, phone number, and the verification code that will be given to your phone will be asked for in a sequence of prompts.
When you log in to Ring from a new device after that, you’ll need both your password and an SMS verification code. You can also choose to have the codes emailed to you instead of transmitted over SMS.
SIGNAL
Signal uses a PIN instead of typical 2FA. To go to the “Settings” section, pick your profile symbol in the upper-left corner, then “Account.” If you turn on “Registration Lock,” you’ll have to enter your PIN every time you re-register your phone number (which you were asked for when you originally registered). Your PIN must be at least four digits long, with a maximum of twenty digits.
For the first six and twelve hours after enabling Registration Lock, Signal will require you to key in your PIN. According to the company, this is done in order to help you remember it through random recurrence. So, after the first day, it will prompt you to enter it again the next day, then three days later, then a week later, and eventually 14 days later.
If you forget your PIN and can’t log in to Signal, you’ll have to wait seven days for your registration lock to expire, following which you’ll be able to set up a new PIN by logging in to your app again. Signal users won’t have to worry about the Registration Lock resetting because the clock only starts when the app isn’t open.
SLACK
You must first locate the “Account Settings” page in order to enable 2FA. This can be accessed in two ways:
In the Slack app, open a drop-down menu by clicking on your username or profile image, and then choosing “View profile.” On the right side of the chat window, your account information will now appear. Click the three-dot icon for more actions under your avatar, next to the “Edit Profile” button, and pick “Account settings.” You can also go to my.slack.com/account/settings directly.
The option for “Two-Factor Authentication” should appear right away.
Check whether your Slack account is for work if you don’t see the option for 2FA. Some workplaces may use single sign-on systems that eliminate the requirement for 2FA, making this option unavailable on Slack’s Account Settings page.
If this is a personal Slack, however, click “Expand” next to “Two-Factor Authentication” and then “Set Up Two-Factor Authentication” to have your information verified via SMS or an authenticator app. You may need to provide a default email address if you have numerous email addresses before you can choose your preferred 2FA option.
SNAPCHAT
To access your settings, press your profile symbol and then the gear icon from the app’s primary camera screen. Choose between receiving a text message verification or connecting it to your authenticator app under “Two-Factor Authentication.”
After you’ve enabled 2FA on your Snapchat account, you’ll be able to add trusted devices and request a recovery code in case you’re going somewhere without cellular service. Snapchat does not appear to support security-key logins at this time.
TIKTOK
To enable two-factor authentication on TikTok (assuming you’re using a mobile device), press your profile symbol in the lower right corner, then the three dots in the upper right corner. You’ll find “2-step verification” under “Security and login.” TikTok provides the option of receiving a verification number via text message or email.
Select “Settings and privacy” from the three-line “hamburger” icon at the top left of the screen on the Twitter mobile app. Navigate to “Account” > “Security.” Follow the on-screen instructions for “Two-factor authentication.”
On the browser, go to the left-hand menu and select “More,” then “Settings and privacy.” Select “Security and account access” from the drop-down menu (or you can just follow this link). “Security” > “Two-factor authentication” should be selected.
Once you’ve completed the setup, Twitter will ask you to authenticate your account using an authenticator app or a text message with a code provided to your phone. Twitter has also added support for security keys.
You can generate a backup code to use when you’re traveling and won’t have access to the internet or mobile service, just like the other services described above. There may also be an option to generate a temporary app password that you may use to log in from different devices. If you have third-party apps linked to your Twitter account, you can use this to log in. The temporary password will expire one hour after it is created.
Open WhatsApp and tap the upper-right dots symbol to access the “Settings” section. Look for “Account” > “Two-step verification” > “Enable” under “Account.” As a form of verification, the app will require you to enter a six-digit PIN. In case you forget your PIN, you can add an email address.
It’s crucial to have an email associated with your WhatsApp account since you won’t be able to reverify yourself if you haven’t used WhatsApp in the last seven days and have forgotten your PIN. If you can’t wait a week to reverify, having an email address on file will allow you to log in or disable 2FA. In a similar vein, be wary of mailings asking you to disable 2FA if you didn’t request it.
WERE YOUR FAVORITE APPS MISSED?
For additional information, see the 2FA Directory, which categorizes and identifies firms that accept 2FA and allows you to request that 2FA be added to a company via Twitter, Facebook, or email.
Finally, while enabling 2FA to all of your accounts is a terrific way to add an extra layer of security, you should still change and update your passwords on a regular basis, even if 2FA is enabled. If that is
Collins