How to Set Up Two-Factor Authentication

Leo has talked a lot on the Tech Guy show about using two factor authentication wherever possible to ensure the security of your online accounts. Two factor authentication requires more than just a 1 factor to login. This could include two of the following: something you are (such as biometrics like fingerprints or iris scans), something you know (a password), or something you have (a smartphone or hardware key). This could be called many things, including “Two-Step Verification” and “Two-Factor Authentication” depending on the site. The early versions of two factor authentication used SMS, and would text the code to your phone, but it turns out this practice is not very secure and many of the major sites are not recommending it anymore. It’s easy for hackers to spoof phone numbers, and if someone were able to do that, they could then have the two factor code sent to them instead of you. It’s far better to use an authenticator app instead. Here’s how to set up and use 2-step verification safely on some of the major sites:

Google

To set up the authenticator on your Google account, you’ll need to get the Google Authenticator app from the App Store. Then go to Gmail (or any signed in Google page) and click on your profile icon in the upper right corner. Choose My Account, then click Sign-in & Security. You’ll see a section titled Password & sign-in method, which is where you can specify the 2-step verification method. You can add the Google Authenticator app as an option, but there’s also a newer feature called Google Prompt. If you add this as an option, and install the official Google app, Google will send a notification to your phone asking whether or not you’re attempting to sign in. Tapping “yes” will then sign you in, without having to deal with any codes at all.

- Get Google Authenticator for iOS or Android
- Get the Google app for iOS or Android

Google also just announced Advanced Protection, which is the strongest possible security Google offers. This is intended for those at higher risk, such as business leaders, journalists, political campaign teams, and more. Google will provide you with a physical key that’s required to log in, which means that other two factor apps will not work. It also limits access that third party services can have to Gmail. Find out more about Google Advanced Protection here.

Outlook

Sign into your Outlook.com account, then click on your name in the upper right corner of the page, and click View Account. Click on Security, and then find the link that says Explore more security options underneath the basic options. If you haven’t set up two factor authentication yet, you can click the link to do that. If you already have it, you can switch to the Microsoft Authenticator by clicking Set up identity verification app.

- Get Microsoft Authenticator for iOS or Android

Apple iCloud

Log into your account at appleid.apple.com, then look for Two-Factor Authentication under Security. This will ask you to verify your location and send a code to your other Apple devices.

Facebook

Sign into your account, and go to settings. Choose Security and Login and look for Use two-factor authentication in the Setting Up Extra Security section. Make sure the Code Generator is enabled. You can then use the Facebook mobile app to approve sign-ins on the web, or you can set it up to use a third party authentication app to generate codes.

Twitter

Sign into your account, click on your profile icon at the top of the page, and click on Settings and privacy. Under the Security heading, click the checkbox next to Verify login requests. You’ll first need to verify your mobile phone number, and then you can click Setup a code generator app. Then just scan the QR code with your third party authenticator app.

Amazon

Sign into your account, and click Your Account. Click Login & security and click Edit next to Advanced Security Settings. When you set up two-step verification, you can choose to put in a phone number or use a third party authentication app like Google Authenticator or Microsoft Authenticator.

LastPass

Sign into your account at lastpass.com, then click Account Settings at the bottom left corner of the page. Then click Multifactor Options to get a list of possible authenticator apps you can use. Click the pencil icon to get into the options for one that you’d like to use, and enable it. In addition to using an app, you can actually print out a grid on paper that can be used for logging in. If you have LastPass Premium, you can even use a hardware USB device like a YubiKey to generate one time verification codes. There’s also software called Sesame that can be placed on a USB key that you already own.

Other Two-Factor Apps

There are some third party apps that work with all of the common websites and services, and offer effective and convenient security. LastPass has a free app called Authenticator. This supports multiple login options, including sending a push notification that you can simply tap to approve a login attempt. Another app that does this is Duo Security, which is also free and lets you approve logins with push notifications.