It's Time To Enable Two-Step Authentication On Everything. Here's How.


Yesterday's news that hackers might have stolen some seven million Dropbox credentials should have scared you into changing your password. And if you didn't already have two-step authentication enabled on your account, it should be a pretty good reminder that you need to turn it on for every account possible.

If you're not worried about the security of your accounts, you're ignoring a serious threat that's confirmed by a never-ending deluge of security breaches. Two-step authentication is one of the best ways to prevent unauthorised access to your accounts, even if somebody manages to steal your password. Here's how to do it.

Two-step, or two-factor authentication protects your accounts by requiring you to provide an additional piece of information after you give your password to get into your account. In the most common implementation, after correctly entering your password, an online service will send you a text message with a unique string of numbers that you'll need to punch in to get access to your account.

The idea is that you're drastically more secure if somebody needs both your password and the physical phone to get access to your accounts. Add a passcode to your phone, and you're safeguarded against someone stealing both.

Is it perfect? No. But it's way better than just irrationally hoping nobody ever gets a hold of your password.

Below we've outlined the steps for locking down the most popular services that offer two-step authentication. Most of the services work basically the same way, but there's a little nuance to each, which we guide you through below. After each description is a link to each service's FAQ so you can get more detailed instructions if you want them.



Apple's two-step verification adds extra security to your Apple ID, and will help prevent people from making purchases in iTunes as well as unauthorised access to your iCloud account. To turn it on, log into My Apple ID, click Passwords and Security, and navigate to "Enable two-step verification".

In addition to providing a phone number where you'll receive texts, Apple will also force you to write down a recovery key that you'll need in the event that you forget your password. And, write it down, because on the next page, you'll be forced to prove you wrote it down. These codes, sometimes called backup codes, are important so you can access your account when you've lost your phone. [Apple]



Two-step verification on Google will protect you across all of Google's many services as well as with apps that use APIs to pull in Google data.

While logged into your Google account, click your avatar in the top right corner of any Google page, and navigate to your Account. At the top of the following page click Security, and then click Enable next to 2-step verification.

Note that because you probably use your Google account with lots of third-party apps like Gchat, you'll need to create an app-specific password for each of them. So if you want to log in to a new phone, or enable a new calendar application, you'll need to head back to the security page, click on App passwords, and let the system generate a key for every app you'd like to link. You only get to see these passwords once, so if you need to enter one again for whateverThis is also where you disable apps that you no longer use or trust.

Also, make sure to set up some backup codes. Don't get locked out of your email just because you left your phone at home. [Google]



Log in to your account and navigate to the settings page from the drop-down arrow in the top right corner of the page. Under the Security tab click Edit next to the Login Approvals line. As with Twitter and Microsoft, you can choose to receive SMS verification codes, or use the Facebook mobile app to verify your identity.



Log in to your Microsoft account, and navigate to the tab for Security & password. Then, click Set up two-step verification and follow the instructions. In addition to an email/text message option, Microsoft will also give you the option of installing the Microsoft Account app on your phone, which will make authentication faster. If you only ever use one phone, this is probably worth doing.



Log in to your account, click your avatar in the top right corner and navigate to Settings. Under the Security tab, you'll be given two options for Login verification. Either you can use the standard text message method, or you can use the Twitter app to verify requests. [Twitter]



Log in to your account and click Settings in the top right corner. Under the Security tab click Enable next to the line item that says Two-step verification. From the Security page you can also see which devices and desktop browsers have access to your account already, and revoke access if necessary. [Dropbox]


Log in to your Yahoo account, and click your username in the top right corner to navigate to your profile information page. Under the Sign-in and Security heading, click Set up your second sign-in verification. As with your Google account, you'll need to create app-specific passwords for your mail clients, calendars and other apps that use your Yahoo account. [Yahoo]



Log in to your account and click the settings cog. Under the Security Summary tab, click Enable beneath the Two-Step Verification line. Evernote, like Apple, will force you to store registration keys that will help you get into your account in the event that you forget your password or don't have access to your phone. [Evernote]



PayPal's Security Key works a little differently than the rest in that you've got an extra option. After logging into your account, click the settings cog in the top right corner of the page, and under the Security tab, click the Edit button next to the Security key line. Then click the link that says Get security key.

In addition to an option to register your phone for standard text verification, PayPal also offers the option to purchase a physical hardware key that you use to unlock your account. That's not totally necessary for everyday users, though. [PayPal]



    My PayPal looks very different to this (more like 1998 Ebay)
    No Cog, and the security section takes me out of "my account" and tells me how wonderful PayPal security is.
    Looks like it's My Account > Profile > Security key - Add Key

    Edit: Have had a bad time getting the SMS tokens, so I've disabled this

    Last edited 29/10/14 11:47 am

    Be warned... If you enable PayPal security key you won't be able to use the PayPal app.... why? because they are stupid and haven't bothered to allow the app to work with a secure PayPal. I had to get rid of the security key because it was more of a hindrance than a benefit.

    This was a month or two ago so maybe they fixed it but I doubt it.

      "we're sorry but paypal security key is not supported in this version of the app, although will be coming soon."

      That said, "BeatTheQueue" works without a problem
      Edit Have had a bad time getting the SMS tokens, so I've disabled this

      Last edited 17/10/14 12:27 pm

      Yep, use paypal android app quite a bit. Had to turn off two factor authentication as well. Absolutely ridiculous.

    The two-factor authentication, though not a silver bullet, could be reliable when it comes with a reliable password. 2 is larger than 1 on paper, but two weak boys in the real world may well be far weaker than a toughened guy. Physical tokens and phones are easily lost, stolen and abused. Then the password would be the last resort. It should be strongly emphasized that a truly reliable 2-factor solution requires the use of the most reliable password.

    Using a strong password does help a lot even against the attack of cracking the stolen hashed passwords back to the original passwords. The problem is that few of us can firmly remember many such strong passwords.  We cannot run as fast and far as horses however strongly urged we may be. We are not built like horses.

    At the root of the password problem is the cognitive phenomenon called “interference of memory”, by which we cannot firmly remember more than 5 text passwords on average. What worries us is not the password, but the textual password. The textual memory is only a small part of what we remember. We could think of making use of the larger part of our memory that is less subject to interference of memory. More attention could be paid to the efforts of expanding the password system to include images, particularly KNOWN images, as well as conventional texts.
