How to enable Two-Factor Authentication (2FA)

If you really don’t want anyone accessing your bank accounts, email, photos, investment accounts, WordPress backends, Quickbooks Online… Then you really have to use Two-Factor Authentication.

Two-Factor authentication (2FA) is a critical piece of technology security that I use as much as possible. This is where you need a 2nd device to retrieve a one-time use, always-changing special code to login to any service. This means that if anyone were to gain access to your password, it is extremely unlikely that they would ever be able to access your account without your phone.

Two Factor Authentication (2FA) can be done via an RSA key, a text message, or an authenticator application. I recommend Google Authenticator on iPhone and Android – or, if you don’t trust Google, try Authy. is a great site with recommendations on how to setup 2FA on Gmail, Office 365, Apple iTunes, iCloud, Facebook, Instagram, Twitter, Amazon, Yahoo, Outlook…

The setup is usually fairly simple and it can be slightly different from site to site, but the general way it goes is:

  1. Download the authenticator app of your choice (some bank services only work with an RSA keychain) – you can usually use the same app for multiple sites.
  2. Use your computer login to the site where you want to use 2FA (do not use a public computer)
  3. Find the 2FA settings on the site. You should see a QR code and a special key sequence.
  4. VERY IMPORTANT – Record the QR code and special sequence and store it in a really safe place with a note of where it is from that is not completely obvious to others. I recommend using a location that is offline and/or encrypted. Again, this is really important, this code can be used to turn off 2FA, but also if you were to lose your phone this code might be the only way you can access your account.
  5. Open the authenticator application on your phone and pointing the camera at the QR code on your computer screen.
  6. The authenticator app on your phone will then give you a verification code that you can enter on the site.