How to Set Up Two-Factor Authentication: A Simple Guide
Two-factor authentication is one of the best ways to protect your important accounts, and it is simpler than it sounds. The name just means using two things to log in: your password, plus a second step such as a code sent to your phone. Even if someone learns your password, they cannot get in without that second step.
This guide explains what it is, why it is worth turning on, and how to set it up, in plain English. This is one piece of a bigger picture, so it is worth reading our full guide to staying safe online as well.
Quick answer
Two-factor authentication adds a second step to logging in, usually a code sent to your phone by text. To turn it on, go to the security settings of an account, such as your email, and look for two-factor or two-step verification. Switch it on and follow the prompts. Start with your email, as it is the most important account.
Why it is worth turning on
A password alone can be guessed, stolen in a data breach, or tricked out of you by a scam. Two-factor authentication means that is not enough on its own. Without the second step, which only you have, a stranger cannot get in. It is the single biggest improvement you can make to your online safety, alongside a strong password.
The two common types
The most common type is a code sent to your phone by text message, which you type in after your password. The other is an authenticator app, which shows a code that changes every minute. Both work well. A text code is the simplest to start with, and is all most people need.
How to turn it on
The steps are similar across most accounts. Open the account’s settings, find the Security section, and look for two-factor authentication or two-step verification. Turn it on, enter your mobile number if asked, and type in the code it sends you to confirm. That is it. Next time you log in on a new device, it will ask for a code as well as your password.
Where to turn it on first
- Your email, as it can be used to reset other passwords, so protect it first.
- Your bank, though many banks now build this in automatically.
- Your Apple Account or Google Account, which holds your photos and apps.
- Any shopping account that has your card details saved.
Before you finish
Download the free Family Tech Safety Checklist to help check phone safety, passwords, scam messages, emergency contacts and medical alarm details.
FAQ: Two-factor authentication
Is two-factor authentication hard to use?
No. After you set it up, the only change is that you sometimes type in a code from a text message when you log in on a new device. It takes a few extra seconds for a big gain in safety.
What if I do not have my phone with me?
You can usually still log in on a device you have used before. Many services also give you backup codes to keep safe at home for emergencies.
Is the code the same as my password?
No. The code is a separate, one-time number, used alongside your password. Never share it with anyone, as no genuine company will ask you to read it out.
Do I need a smartphone for this?
A text code works on any mobile phone, including a simple one. An authenticator app needs a smartphone, but the text option suits most people.
Is it really worth the bother?
Yes. It is the single most effective step to keep your accounts safe, and you only set it up once. It works hand in hand with online banking safety.
