Two-factor authentication: Everything you need to know!

Hackers are too good, and security systems flawed. Longer complicated passwords created by generators like Safari's iCloud Keychain or third-party apps like LastPass or 1Password can help, but the best way to lock down your accounts is to add extra security options for a two-step verification or two-factor authentication (2FA). Here's how to go about it.

What is two-factor authentication?

Two-factor authentication asks you to authenticate that you are who you say you are by supplying not only your password, but also a unique code supplied from your phone or an external app. It ensures that those accessing your accounts have access to your physical devices as well as your virtual passwords, and makes a simple password crack or social engineering hack a lot more insufficient when it comes to accessing your personal data.

What's the difference between two-factor authentication and two-step verification?

Two-factor authentication, or 2FA, traditionally requires two different types of authentication. That can include something you know (password), something you are (fingerprint), or something you have (a secondary trusted device).

Two-step verification, on the other hand, can use the same type of information delivered by different sources. For example, a code you remember (password) plus a code you're sent over SMS (token).

Two (or more) factors can be more secure, but two steps are typically enough for most online accounts. It's a better version of the old "security questions". It not only helps you avoid needing to remember your random answers, but it also removes the risk of relying on potentially easy-to-find information.

Why is two-factor authentication so important?

Passwords are weak, broken, and by all accounts, outdated: Having to remember a random assortment of numbers, letters, and possibly (but not always) other characters can be tough on your memory and easy for attackers to compromise, especially when technology like Touch ID exists. Apps like 1Password or LastPass can help with organizing and memorizing your passwords and even help you create super-long strings, but you're still reliant on a single password to keep you safe. Two-step/two-factor authentication requires two different keys to log you into your account, significantly ramping up the level of difficulty for any would-be hackers to access your personal information.

What accounts can I set up with two-step verification or two-factor authentication?

Over the past few years, lots of web services and banks have hopped aboard the multiple authentication methods bandwagon — more than we can properly list. The folks over at Two Factor Auth, however, have kindly put together a master list of services that support two-step verification or two-factor authentication, along with links to how-to documents, what methods of two-factor authentication they support, and how to contact a service you use to request that they implement two-factor authentication.

Here at iMore, we've put together a bunch of articles on some of the most popular services that support two-step/two-factor authentication — as well as the easiest ways to set it up — to help you keep your accounts safe and away from prying eyes.

What if I lose my phone (or have it stolen)?

One of the big fears with SMS or code-based two-factor authentication is the potential loss of your primary authentication device: If you don't have your phone, you can't get SMS messages, et cetera. Thankfully, most services offer recovery keys or special passcodes that can unlock your account in case you don't have access to your cell phone at the present moment. Make sure to write these down in a safe place; I use 1Password's secure notes feature for this, and also store a hard copy in my office.

Need more help with two-step verification or two-factor authentication?

Running into trouble setting up two-step verification or two-factor authentication? Have a question about turning two-step or two-factor on for your favorite service? The iMore Forums are a great place to get advice and help from other members of our community; you can also ask a question in our Q&A forum and we'll get back to you as soon as we can.

Serenity Caldwell contributed to an earlier version of this guide.

Updated January 2019: Updated for Data Privacy Day.

Keep yourself secure on the web

Main

Latest And Best Prime Day Deals

It might be Prime Day, but this Instant Pot deal is available to everyone
Instant Pot 3-Quart Duo Mini Pressure Cooker
$39.95 $65.00 Save $25

This 3-quart multi-cooker is perfect for smaller households or serving sizes, and today's deal beats the others we've seen.

Unlock voice control with Echo device deals and $5 Amazon smart plugs
Amazon Echo devices bundled with $5 smart plugs

Amazon's Smart Plug lets you start voice controlling anything plugged into it by asking an Alexa-compatible device, and today's deal lets you snag one for only $5 with purchase of select Echo devices.

Be more productive with a year of Office 365 Home and a free $50 Amazon gift card
Office 365 Home 12-month subscription and $50 Amazon gift card
$99.99 $150.00 Save $50

The subscription works with up to six people, but that card can be all yours.

Amazon's Fire TV Cube is down to just $70 thanks to this Prime Day deal
Amazon Fire TV Cube
$69.99 $119.99 Save $50

Grab TCL's 32-inch 720p Roku TV for less than $100 in this Prime Day Lightning deal
TCL 32S325 32-inch 720p Roku TV
$99.99 $130.00 Save $30

Act fast while you can. These Lightning deals tend to sell out quick.

The Ring Alarm security system is reaching new low prices for Prime Day
Ring Alarm home security systems

Various configurations of the Ring Alarm are discounted to their best prices yet exclusively for Prime members at Amazon through Tuesday night to help keep your home secure.

The Sonos Beam Prime Day deal includes a $40 discount and 2 $50 Amazon gift cards
The Sonos Beam Prime Day deal includes a $40 discount and $100 in Amazon gift cards
$359.00 $499.00 Save $140

That's just so much savings in one deal. You'll have to wait for the physical gift cards, but that's basically $100 to spend however you want.

Prime Day dropped this PlayStation 4 console bundle to just $250
PlayStation 4 Slim 1TB console with Marvel's Spider-Man and Horizon Zero Dawn
$249.99 $359.98 Save $110

This deal on the PlayStation 4 Slim console saves you $50 off its regular price while also including Marvel's Spider-Man and Horizon Zero Dawn Complete Edition for free. You'll just need an Amazon Prime membership to snag it.

More Prime Day Deals