Two-Factor Authentication

Lately there has been a big uptick in hacked social media accounts on Facebook and Instagram. Due to the difficulty in getting support on these platforms, it’s often very difficult to restore access to your account after a hack. Fortunately, Facebook and Instagram offer a feature called two-factor authentication (2FA for short) that significantly increases the security of your account, making it much harder for unauthorized users to login to your account. While Facebook and Instagram have been popular targets lately, two-factor authentication is a great tool to secure your accounts on other sites as well.

What is two-factor authentication?

Two-factor authentication requires two pieces of information to login to your account – something you know (your password), and something you have (a one-time code on your smartphone). The code can be delivered via a text message or with an app on your phone, and they change frequently so that they can’t be used again. This means that even if a hacker got your username and password, they’d still need access to your phone to login to your account. I recommend enabling it on every account possible. To make it more convenient, you can usually set your computer and smartphone as trusted devices so that you don’t need to enter the second code on them every time you login. But if a new computer or device tries to access your account, a code will be needed.

You still need to use good password security practices, but two-factor authentication is an excellent second layer of protection. My previous article on password security gives some tips for strong passwords, as well as more information on how prevalent hacked accounts are and why you should be concerned about the security of your online accounts.

How do you use two-factor authentication?

First of all, you’ll need to enable two-factor authentication for your account with the web sites or services where you need it. When you sign up for two-factor authentication with your provider, you’ll usually be given a set of codes you can use if your cell phone isn’t accessible. You’ll need to keep these codes in a secure location for backup.

If you opt to have codes be delivered via text, you just need to provide the service with your cell phone number. Note that this is the only 2FA option for some sites/services. If you will be using 2FA with multiple accounts, I recommend installing an app on your smartphone to get your codes (for sites that offer this).

Many web sites and services provide instructions for using Google Authenticator to get your codes, but it’s not the only option. Another popular app for 2FA is Authy. Authy works on iOS and Android, and offers the ability to get your codes on multiple devices, including a computer using a Google Chrome plugin.

To add your service to your 2FA app, you’ll usually scan a QR code with the app on your phone. Then whenever you open the app, you’ll see a list of 6-digit authentication codes, one for each account. Authy has instructions for a lot of popular sites/services on their web site to help you enable 2FA and add your code to Authy, making it easy for users. Two-Step Verification window
Two-Factor Authentication prompt for

What services offer two-factor authentication?

Not long ago, two-factor authentication was relatively uncommon among consumer web sites and services, but support for 2FA has been growing quickly. Here is just a short list of popular web sites and services that offer two-factor authentication. A more complete list is available at

  • Banks: Ally, Bank of America, Capital One, Chase, USAA, Wells Fargo
  • Email: GMail,, Yahoo! Mail, MailChimp
  • Social Media / Blogging: Facebook, Instagram, Linked In, Pinterest, Snapchat, Twitter, WordPress
  • Cloud Backup / Storage: Backblaze, Dropbox, Google Drive, OneDrive
  • Online Payments: PayPal, Square, Stripe
  • Misc: Adobe, Amazon, Evernote, YouTube

It can take time to setup all of your different login accounts with 2FA, but the added security is worth it. I recommend finding out what sites you use that offer 2FA, and then enabling it whenever possible. If an important account that you use doesn’t offer 2FA, reach out to the company and ask them to consider adding support for two-factor authentication.