Enable two-factor authentication

Steps

Goal: Install an authenticator app or connect a hardware key, then enable 2FA on your primary email first.

• Download an authenticator app (Google Authenticator, Microsoft Authenticator, or Authy) from your device’s app store. If you prefer a hardware key, connect a FIDO2-compatible key like a YubiKey.
• Confirm the app opens and shows an empty account list, or that your hardware key’s LED flashes when touched.
• Proceed to Set up email first.

Set up email first

Goal: Enable 2FA on your primary email—it controls password resets for other accounts.

• Log in to your email account and find the Security or Sign-in section in account settings. Look for “Two-step verification,” “Login verification,” or “2FA.”
• Click the option to add an authenticator app or security key. A QR code will appear.
• Open your authenticator app and scan the code. If using a hardware key, select the security-key option and tap the key when prompted.
• Type the six-digit code from the app into the service’s confirmation field. If the code is rejected, check that your phone’s clock is synced to network time—TOTP codes depend on accurate time.
• Good: The service shows 2FA as enabled. Proceed to Save backup codes.
• Bad: Code rejected—sync your phone’s clock to network time and try again.

Save backup codes

Goal: Store backup codes offline so you can regain access if you lose your device.

• After enabling 2FA, the service will offer a set of one-time backup codes. Copy or print them.
• Store the codes in a secure physical location—a safe or locked drawer. Do not store them in a cloud note or on the same device as your authenticator.
• Verify you have recorded all codes before closing the dialog. These are the only way to regain access if you lose your phone and hardware key.

Repeat for banking and social

Goal: Enable 2FA on banking, financial, and social media accounts.

• Open the security settings of your bank, investment, and payment accounts one at a time. If a service only supports SMS-based 2FA, enable it—SMS is weaker but still better than no second factor.
• Go to the security settings of each social media platform (Facebook, X, Instagram, LinkedIn). Prefer authenticator apps over SMS when available.
• Confirm each account shows 2FA as active in its security summary. You should see a green checkmark or “Enabled” label.

Test the login flow

Goal: Verify 2FA works and you can log in with your second factor.

• Log out of one account and log back in. The 2FA prompt should appear.
• Open your authenticator app and enter the current six-digit code. If you set up a hardware key, tap it when the browser prompts you.
• Good: You reach your account dashboard. 2FA is working.
• Bad: Code rejected—check clock sync, or use a backup code if you have one.

When to get help

If you lose access to your authenticator and backup codes, contact each service’s account-recovery flow. Recovery can take days. Never share backup codes or 2FA codes with anyone—legitimate support will never ask for them.

References

• NIST — Digital Identity Guidelines (Authentication) — authentication best practices
• 2FA Directory — which services support 2FA and what methods they offer

Verification

• Log out and back in to at least two accounts. The 2FA prompt should appear each time.
• Your authenticator app shows entries for every account you enabled.
• Your backup codes are stored in a secure offline location separate from your devices.
• Every account you enabled 2FA on now requires the second factor at login.