Two-Step Verification

What do you do when your passwords aren't safe? Whether your partner knows your passwords or a website has been hacked, it's best to have a safety-net on your email, social media, and password manager accounts. Two-Step Verification (2-Step) is like saying an extra secret passcode every time you login to a website. Normally, you enter your username and password and you're logged-in to your account. With 2-Step enabled, you have to enter a special number too—it looks like "653 234" or "4327". The number is either texted to you from your website, or is generated with an app on your phone. Once you have your 2-Step number, you simply enter it after your password, and you're logged-in just as you normally are. If you don't have the 2-Step number, or enter the wrong number, you can't log-in. This means that even if someone had the password to your account, they would need physical access to your phone to log-in: they need the 2-Step number as well. And every 2-Step number is temporary—you use a new number every time you log-in, so you don't have to worry about being hacked with an old 2-Step number.

Two-Step Verification depends on your phone being secure. If your partner can use your phone (maybe they demand access, maybe you don't have a password on your phone), then they can see your 2-Step numbers and use them for logging into your accounts That said, it's still a significant protection from hackers, so it's worth enabling if you feel safe to do so. All you have to do is go to your website, check the settings for Two-Step Verification, and walk through the provided steps. Most email, financial, and social media services have this option, though many casual websites do not. If you are likely to lose your phone, you may be locked out of your accounts when you cannot generate or receive a 2-Step number. Take this into consideration when deciding whether to enable Two-Step Verification, though many sites provide "recovery" numbers that you can save. These will let you login when you can't use a 2-Step number, so store them in a safe text document or even a piece of paper: somewhere physically secure.

Here's a helpful list of popular sites that support Two-Step Verification through text and/or apps. Follow the links for instructions on getting started. Sometimes a site will offer Two-Step Verification by a different name: "Login Approval", "Login Verification" and "Two-Factor Authentication" are often used, though they mean the same thing: you have to present a password and a number to login.


Many websites will simply text you a Two-Step Verification number when you log-in. While this is an easy approach, it depends on having control of your phone and being able to receive texts. You could be locked out of your accounts when cell reception is poor, or if you lose your phone. By using a specialized Two-Step Verification app, you can generate 2-Step numbers from multiple devices: your desktop, your tablet, or your phone. The app Authy is free and simple to use—it seamlessly integrates with Google, Facebook, Twitter, Dropbox, and many other popular websites. It automatically syncs between your devices, so you can switch whenever you need to. And it works offline—even if you don't have internet access on your device, you can still generate 2-Step numbers.