Hand holding an iPhone 10
Use the same password for everything? Two-factor authentication is just what you need. Youssef Sarhan via Unsplash

Online security has never been more important, and if you think keeping all your accounts safe and secure is a big challenge, you’re definitely not alone.

But even if you feel comfortable with your passwords and you’ve managed to think of a different one for every account—an impressive feat to say the least—there are simple steps you can take to lay an extra layer of protection over your data. One of the most effective is enabling two-step authentication across all your apps and services.

How two-factor authentication works

The “two” is key in two-factor authentication—it means that if someone wants to get into one of your accounts, they need not one, but two bits of information. A password counts as one, but it’s not enough. In addition to something you know—your password—two-factor authentication also requires “something you have.” This may be a code (sent to your phone via text message or from a code generator app) or a token you carry around with you, like a USB security key.

If you’re already dreading the idea and think this will make it too complicated to check your email every day, know that two-factor authentication can be set to kick in only when you access your accounts from a new device. You can list your laptop and phone as “trusted devices,” and you won’t be required to constantly look up codes or wait for texts when you log in from there. This can be comfortable, but is also a great reason to protect your personal devices with strong PIN codes, passwords, and fingerprints.

Two-factor authentication, along with two-step authentication or verification, are terms often used interchangeably, and though they are very similar, they are not the same.

Two-step usually refers to two bits of similar information, like a passcode and a password, that are needed to log in, and that might arrive on the same device. Two-factor, meanwhile, typically requires two different devices or types of authentication, like a passcode and a fingerprint.

Google Authenticator
No, Google Authenticator won’t give you the winning Lotto numbers, but will help you protect any account. David Nield

You only need to look at the number of data breaches that regularly hit the headlines to know how easily your password and email address can leak into the public domain. You can take mitigating steps after the event but, as with everything, pre-emptive action is the best option.

With two-factor authentication, anybody who tries to log in with your username and password will be asked for a second bit of information they don’t have. If they’re not you, they won’t be able to get in. If this happens, you’ll also be notified of an unsuccessful attempt to access your account, which could be useful if you ever wonder about whether you need to take further steps to protect your data.

But using two-factor authentication (or 2FA) doesn’t mean your accounts are suddenly unhackable or that you can let your guard down. Text messages can be intercepted, phones can be stolen, and it’s important that you think of 2FA as one part of an effective security strategy rather than a failsafe lock.

Placing this extra layer of security across all your accounts is easy and shouldn’t take you long at all. It’s definitely worth a few minutes for some extra peace of mind.

Activating two-factor authentication

Two Factor Authentication on Facebook
If you have time to play FarmVille, you have time to enable two-factor authentication. David Nield

Just about every major digital account out there has a two-factor authentication option now. In some cases you might actually get prompts to turn it on when you log in.

From your Google account on the web, click Security and then 2-Step Verification to start the setup process. If you have a Microsoft account, once you’ve logged in on the web, click Update under Security and then Explore next to More security options—you can enable two-factor authentication from the next screen.

For Apple accounts, 2FA needs to be turned on from iOS (Settings > your Apple ID name > Password & Security) or macOS (System Preferences > iCloud > Account Details > Security).

2FA is also available on all your social media accounts. Log into Facebook on the web, click the drop-down menu on the toolbar, then pick Settings and Security and login to access two-factor authentication. On Twitter on the web, click your avatar, then Settings and privacy and Account to find the option.

For Instagram and Snapchat, you need to go inside the mobile apps. On Instagram, open your profile tab and tap the menu button (three horizontal lines, top right), then choose Settings* and *Security. In Snapchat, tap the cog icon from your profile tab and you’ll see the Two-Factor Authentication option.

Two Factor Authentication on Snapchat
Tell your friends about securing their Snapchat account. And yes, you can use the doggy filter while you’re at it. David Nield

Dropbox user? If you’re logged into the web platform, you can click your avatar, then Settings, and choose Security to configure your 2FA options. For WhatsApp, open the app, then the app menu (three dots, top right), then choose *Settings** and Account.

As you can see, two-factor authentication is just about everywhere and you should find the option fairly prominently displayed under any platform’s security options.

Where you won’t find two-factor authentication—at least not yet—is on media streaming services such as Spotify and Netflix.

While we can’t speak for those services, it’s likely that the extra convenience of quickly switching between devices to listen to music or watch movies outweighs the security concerns of someone being able to binge watch Stranger Things, or binge listen the complete works of Coldplay without your knowledge.

Where 2FA is available, switch it on, and pay attention to whatever backup login options there are (like security questions or a text message). After all, your accounts are only as strong as their weakest points. With two-factor authentication, you should stand a much better chance of keeping your digital properties safe from unwelcome visitors.