Over the past few years you may have heard a number of companies, app makers and service providers announce that they're launching two factor verification or two factor authentication, often abbreviated to 2FV. If you ever wondered what the heck it even is, or whether it's worth using, we'll attempt to answer your questions in this feature.
What is two factor authentication?
Breaking it down to the simplest explanation, it's basically adding a second layer of protection to your account, app or service to go alongside your regular login method. In most instances, this involves receiving a code by SMS to your mobile number, but there are variations.
How does two factor authentication make your account more secure?
Using the SMS example - since that's the most popular method of 2FV - it means no one can log into your Gmail, iCloud, Twitter (or other) account from a new device, even if they have your password.
When someone enters your password on a new device, or even a new browser, and hits "enter" or "submit", they'll be taken to a new screen asking for a code. This code is sent to the registered mobile number as an SMS.
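A minimal sketch of the server side of the SMS flow described above, as an added example that is not code from this article or from any of the services it names. The class name, the five-minute expiry, the three-guess limit and the `send_sms` callback are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300     # assumed: a code is valid for five minutes
MAX_ATTEMPTS = 3   # assumed: wrong guesses allowed per issued code

class SecondFactor:
    def __init__(self, send_sms, clock=time.time):
        self.send_sms = send_sms   # hypothetical callback: send_sms(phone, text)
        self.clock = clock
        self.trusted = set()       # (user, device) pairs that already passed the check
        self.pending = {}          # (user, device) -> [code digest, expiry, guesses left]

    def after_password_ok(self, user, device, phone):
        """Call only after the password has been verified."""
        if (user, device) in self.trusted:
            return "logged_in"
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, not random.randint
        self.pending[(user, device)] = [self._digest(code),
                                        self.clock() + CODE_TTL, MAX_ATTEMPTS]
        self.send_sms(phone, f"Your login code is {code}")
        return "code_required"

    def submit_code(self, user, device, code):
        key = (user, device)
        entry = self.pending.get(key)
        if entry is None:
            return False
        digest, expires, guesses_left = entry
        if self.clock() > expires or guesses_left <= 0:
            del self.pending[key]              # expired or locked out: start over
            return False
        if hmac.compare_digest(digest, self._digest(code)):   # constant-time compare
            del self.pending[key]              # single use: the code cannot be replayed
            self.trusted.add(key)
            return True
        entry[2] -= 1                          # count the wrong guess
        return False

    @staticmethod
    def _digest(code):
        # Keep a digest rather than the code itself in the pending store.
        return hashlib.sha256(code.encode()).hexdigest()
```

The expiry, single-use and guess-limit checks matter because a six-digit code has only a million possible values.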
Does two step authentication always need a mobile number?
While it's the easiest and most convenient way to add a second layer of security, it's not the only way.
As an example, WhatsApp can't use your mobile number as its second verification method, because that's the primary method for logging in. So instead, it asks you for a six-digit PIN every so often, or when you log in from a new smartphone.
- How to enable WhatsApp's two-step verification on iPhone and Android
- Snapchat finally adds two-factor authentication: Here's how to log in securely
- PlayStation Network adds two-factor authentication: Here’s how it works
- Amazon adds two-step verification: Here's how to enable it
While Apple does use SMS verification for iCloud account security, it also uses its "Trusted Devices" method. Using this method, it sends a four digit code directly to a trusted and verified device, which then pops up in a little window on the screen once you unlock your iPhone or iPad.
What if I've lost my phone?
Most services - as mentioned - offer more than just the phone number SMS method for logging in. Nearly all of them will offer you the ability to generate backup codes or, like Apple, give you a recovery key that's a really long chain of letters and numbers which you can input instead of using your password and SMS code.
Be sure to set up a recovery key, and store it somewhere safe like in a password-protected document and/or secure password app.
Two factor authentication: Is it worth it?
Yes. Absolutely. Once it's set up it only adds one extra step to logging into your account from a new device or browser.
On the off-chance that someone has got your password, and tries to get into your account, you'll have the peace of mind knowing that they can't get in without also having your phone which - even if they have - is likely locked and protected behind a password, pattern or fingerprint scan.
To add further privacy, there are settings within Android and iOS to ensure that you can stop SMS notifications from showing up on a lock screen. Just head to Settings > Notifications and select which apps you want to have display information on the lock screen, or choose to hide sensitive information (on Android).
How do I activate two factor verification on iCloud, Gmail, Twitter and so on?
For most accounts that you have, you'll normally find the two factor verification option in your account security settings. This usually just means finding your settings options, which is normally straightforward. Most services you log in to will have an option, but here are a few of the more popular services:
Apple two-step verification
For your Apple ID or iCloud account, head to appleid.apple.com, log into your account, look for the two-step verification option in the Security section, and choose to turn it on.
You'll then go through a setup process that's really simple to follow. Also, be sure to create a recovery key and then make a note of that somewhere safe, where you know you'll never lose it.
Google 2-step verification
For your Gmail/Google account, log into any Google service, or just go to Google.com and click on your profile image in the top right corner, then select "My Account". Click the "signing in to Google" option under the Sign-in and security tab. Look for the 2-Step Verification option and choose to activate it.
Here you can add your phone number, choose to get a Google Prompt on your phone, set up some backup codes that you can print off, or download and install the Authenticator app on your Android phone or iPhone.
Twitter login verification
Log in to Twitter on desktop and click the small image thumbnail in the tool bar, then select "Settings and privacy" in the drop-down menu. Tick the "Verify login requests" box in the security options, and - if you haven't already - enter your mobile number so that it can send you SMS codes.
You can also use the mobile Twitter app to generate codes when you log in by opening the side bar menu, heading to Settings and privacy > Account > Security > Login code generator.
Facebook two-factor authentication
In Facebook on desktop, click the little globe icon in the toolbar, then go to Settings > Security and login, then choose "Use two-factor authentication".
You can add your mobile number for text message codes, add security keys to log in by USB or NFC, or generate codes in the Facebook mobile app. You can also generate specific app passwords to use once for apps that don't support Facebook's two-factor authentication.