How to enable 2FA
If you have an online service account that contains your personal or financial information, you must use two-factor authentication on it. This guide will show you how to use an authenticator app on your phone to increase the security of your accounts.
This includes social media like Facebook, TikTok, and Twitter, email services like Gmail and ProtonMail, online storage and office suites, and financial services. Your bank is almost certainly already applying 2FA, using your mobile phone as the token that secures most financial transactions with your card.
You should also add two-factor authentication to services like PayPal, Stripe, and Wise, as well as any online retailers that don’t trigger your bank’s card verification system when you shop with them. It’s a good idea to add 2FA to broad online services like Amazon anyway.
If you have services that use SMS messages to authenticate you, you should also move them to app-based 2FA, as mobile phone numbers should never be used as a proxy for identity. With SMS you're vulnerable to interception attacks and certain types of phishing, and you can lose access to your number if it gets disconnected and reassigned because of unpaid bills or other disputes with your carrier.
We'll use your mobile phone as an authentication device by way of an authenticator app. In this tutorial, we'll use Google Authenticator because it's available for both Android and iOS and offers a consistent interface. I'll discuss alternatives, including the built-in authenticator in iOS 15 and later, after this setup guide.
You need
- A computer
- An Android or iOS smartphone
The short version
- Install Google Authenticator
- Getting started
- Optional: import accounts
- Add your first account
- Select your service (Example: Dropbox)
- Confirm that you want to continue
- Confirm your identity
- Choose your 2FA method
- Scan the QR code
- First authentication
- Optional: Add a backup mobile number
- Save backup codes
- Enable 2FA
- You’re done!
Install Google Authenticator
Search for Google Authenticator in the Google Play Store or iOS App Store and tap Install. Once installed, open the app.
Getting started
If you’re interested, scroll through the introductory information, then tap Get Started.
Optional: import accounts
If you’re transferring Google Authenticator accounts from your previous phone, select Import existing accounts, and then follow the onscreen instructions to view a transfer QR code on your old phone and scan it on your new one. Your one-time code collection should appear. Note that unlike some competitors, Google Authenticator doesn’t allow you to back up your codes, so this is the only way to get them off your phone.
Add your first account
You can add accounts to Authenticator using either a setup key or a QR code. I always recommend scanning a QR code if available – and it almost always is – as it reduces the risk of error. To add an account to the authenticator, tap Scan QR code. You will then be prompted to grant Authenticator access to the camera. Tap Allow.
Choose your service
In your web browser, go to a service you want to add 2FA to. In this example I’m using Dropbox, where you can find the relevant security settings at https://www.dropbox.com/account/security – in general, multi-factor authentication options are found in a service’s security settings. It’s usually a link or clickable button, but Dropbox uses a toggle switch that prompts you to set up 2FA if you haven’t previously registered an authenticator.
Confirm that you want to continue
You will often see a prompt at this point explaining what 2FA is. In Dropbox’s case, it’s an alert box where you can learn more or get started. Click Get Started.
Confirm your identity
Because this is a high-security process that could be exploited by someone who gained unauthorized access to your account, you almost always have to re-enter your password to set up 2FA for a service, even if you’re already signed in. Do this.
Choose your 2FA method
Different websites support a number of different methods. Always avoid text message security codes if you can, even though they are the default, as they are the most accessible option. Here I select Use Mobile App and click Next.
Scan the QR code
Finally, we will be shown the QR code that we prepared to scan in step 4. Line it up with your phone camera and your phone will bring up an add account screen that will display a code. On the phone, tap Add Account, then tap Next in your browser’s 2FA window.
First authentication
On your phone you will see the main Google Authenticator screen. This lists all associated websites or services with 2FA codes that are replaced every second. To enable 2FA on Dropbox, all we have to do is enter the code in the 2FA prompt on our browser’s screen. Although most authenticator apps break these into two groups of three numbers, you should simply enter a six-digit code when prompted.
Optional: Add a backup mobile number
At this point, Dropbox will prompt you to add a backup phone number if one isn’t currently associated with your account. This is generally a good idea so you can easily regain access to your account if you lose your authenticator. However, if you’re worried about your cell phone number being compromised, stick to backup codes. Enter your cell phone number and click Next.
Save backup codes
Dropbox gives you a set of backup passwords here, which is pretty standard. Other services may require you to generate them separately from their security interface. Either way, these are incredibly useful, as you can use them to sign in when you don’t have access to your authenticator app. Copy or scan them and put the file somewhere safe – preferably encrypted. Click Next.
Enable 2FA
You are almost there. Dropbox will show a final prompt asking if you’re sure you want to enable two-factor authentication. Click Next to confirm this.
You’re done!
The next time you log in to this site from a new browser, you will be prompted to enter a 2FA code and password. Your security page will now show all your 2FA settings and give you access to your recovery codes if you need to generate more. If necessary, you can also disable 2FA here. On the phone, if needed, click the plus sign at the bottom right to add another 2FA record to Google Authenticator.
For another example, see my guide to securing your Amazon account with two-factor authentication using Aegis Authenticator.