Two-Factor Authentication: How to set it up

In a world of online connectivity, smarter hacking techniques and obvious privacy concerns, passwords are no longer considered the strongest link in account security. Understating customers’ need for extra protection, Google, Twitter, Facebook and other popular services added a new layer of security to their accounts by implementing two-factor authentication.

Two-factor authentication is a security feature that requires users to confirm their identity by entering a code sent to a device after signing in. As with many banking services, the extra step is meant to double access strength and reduce the risk of data thieves breaking into people’s accounts, even if their password is stolen or cracked.

Here is a step by step guide to adding two-factor authentication to your frequently used services.

Google

If someone breaks into your Gmail account he can buy apps on Google Play, hijack Google+ accounts and access your confidential Google Drive documents, so here’s how to set a second line of defense:

1. Go to the Sign in page and enter your credentials to login.
2. Go to the Account Settings page> Security tab.
3. Next to 2-Step Verification click Enable and then, Start Setup.
4. Confirm your phone number and choose how to receive your code (SMS or Voice Call).
5. Enter the verification code sent to your phone.
6. Decide whether to Trust this computer if you want to login on that device without the codes and press OK to finish the setup.

But what if you lose or misplace your phone? To generate codes when you can’t access your device, you can send codes to a backup phone number, print up to 10 unique backup codes (one for every login) or you can register the device (computer, tablet, phone) you frequently use and skip the code-generating process.

If you lack an Internet connection or service, Google recommends installing the Google Authenticator mobile app, which generates the codes you need. Go to the web-based account, find security settings and click Switch to app. After choosing the device’s operating system, link the account by scanning a QR code or manually. If you have no barcode scanner installed, click the option Can’t scan the barcode. A new key will be displayed. Insert it in the mobile app by selecting the option Enter Key Provided> Add.

If you have multiple Google accounts, you will need to sign into each of them from a computer to set up the service for all of them.

Facebook

Facebook’s Login Approvals can be implemented as follows:

1. Sign in and open the account dropdown menu> Settings> Security Settings.
2. Click Edit next to Login Approvals and check the option Require a security code to access my account information from unknown browsers.
3. Press Get Started in the pop-up window and follow the onscreen instructions.
4. Enter your phone number if you haven’t done so.
5. You’ll get a text message with a six-digit code. Enter it using your web-based account and wait for confirmation.

For its mobile app for Android and iOS, Facebook provides users with two other options: to activate a code generator or use App Passwords, which sets a one-time password for other apps using Facebook, such as Skype, Xbox and Spotify, which can’t use Login Approvals but still benefit from Facebook access.

Twitter

Twitter is a very public place, but you don’t want strangers posting on your behalf. To tighten your security:

1. Enter your Twitter account> go to the Security and Help tab> Settings> Security and Privacy.
2. Check one of the two options under Login Verification> Send login verification requests to my phone, or to Send login verification requests to the Twitter app.
3. Your phone number must be linked to your account to enable the service. Go to the Mobile section and enter your phone number, if necessary (skip this step if you have done it). Send a text message to 89338 and you’ll receive a reply confirming your activation. Note: carrier rates may apply.
4. Click Yes to test if you have activated your mobile phone
5. Re-enter your Twitter password and you’re set.
6. If you opted for Send login verification requests to your Twitter app and are an Android or iOS user:
7. Open your Twitter mobile app, go to Settings and click your account name to find the Security section.
8. Enable Login Verification. You will receive an extra code in case you lose your device.

To use Twitter on other devices or applications that require your Twitter credentials, such as Twitter for Mac, users need to use a temporary password. Twitter detects if a password is needed and sends it via a text message. Users can generate it themselves by going to the Password tab in their web-based account, clicking Generate, entering the account password and pressing Generate again. The 12-character combination of letters and numbers is valid for only an hour.

Read more about securing your Twitter account.

Dropbox

Acting as a safety net against data loss hazards, Dropbox stores your most intimate pictures or work files in the cloud. Some of them are unrepeatable, so make sure your data remains safe:

1. Sign in with your Dropbox username and password.
2. Click your Dropbox account name> Settings and select Security tab.
3. Under the Two-step verification section, click Enable.
4. Press Get Started and follow the onscreen instructions.
5. Enter your Dropbox password and choose how to receive your security codes, via text messages or using a mobile app code generator.
6. Enter your mobile phone number to receive an SMS with a security code on your phone.
7. After entering the code on your web-based account, choose a backup phone number in case you lose your primary phone.
8. You also receive an emergency 16-digit backup code to disable the two-step verification feature, if needed.

To access the Dropbox mobile app, users will need to scan a QR code, provided by a third-party authentication app such as Google Authenticator.

Yahoo

Implemented in 2011, Yahoo’s second sign-in verification feature has been updated to make the process as simple as possible:

1. Login and go to Profile Settings> Account Settings.
2. Find the Sign-in and Security section and click Set up your second sign-in verification.
3. After confirming your current phone number, you’re done.

You will also see a pop-up message saying that certain apps don’t work with this feature and you will need app-specific passwords to login. To solve this issue, a new option, Manage your app passwords, will appear in your Sign-in and Security list.

Interestingly enough, Yahoo still gives users the option to lock their accounts with security questions and doesn’t provide the option to use a third-party authenticator app.

PayPal

Financial services carry highly sensitive information. PayPal locks this information with security key that can be issued by a small token or the user’s mobile device (free of charge).

1. Visit PayPal’s Security Key page and click Get extra protection with a PayPal Security Key now, located at the bottom of the page.
2. Login with your PayPal credentials, if you are not signed in.
3. Choose to order a security key, use security codes sent to phone or set up a security device.
4. If you choose to receive the code on your phone, press the Order button under Register your phone.
5. Enter your phone number to receive a six-digit security code which needs to be activated.

PayPal also offers email authentication to clearly identify its emails to email providers, such as Yahoo! Mail, and help prevent phishing scams.

Apple

The Apple ID is the key to many Apple-related things, including music, books or app purchases, so enhancing account protection should not be disconsidered:

1. Sign in with your Apple ID.
2. Go to Password and Security.
3. Under Two-Step Verification, select Get Started and follow the onscreen instructions.
4. You can receive a 4-digit verification code using either SMS or Find My iPhone.
5. Insert the code in your account to verify your identity.

You will also get a 14-digit Recovery Key in case you lose your device or forget your password. As a basic security measure, Apple may not allow two-step verification if significant changes were recently made to user’s Apple ID account information, including a password reset or new security questions.

Do you currently use or plan to enable this feature to secure one or more of your accounts?