How to Set Up Two-Factor Authentication (2FA) on Your Accounts

Two-factor authentication (2FA) is one of the most effective things you can do to protect your online accounts. Even if someone steals your password, they still cannot log in without the second factor — usually a code from your phone. This guide walks you through setting up 2FA on the accounts you use most, step by step.

What Is Two-Factor Authentication?

Two-factor authentication adds a second verification step to your login process. After entering your password, you are asked to confirm your identity a second way — typically a six-digit code from an app on your phone, a text message, or a hardware key. Without that second factor, your password alone is not enough to get in.

This protects you even if your password is leaked in a data breach or guessed by an attacker. It is one of the simplest and most effective security upgrades available.

How to Set Up 2FA on a Google Account

1. Sign in to your Google account at myaccount.google.com.
2. Click Security in the left-hand menu.
3. Under “How you sign in to Google”, click 2-Step Verification.
4. Click Get started and follow the prompts.
5. Choose your second factor — Google Prompt, an Authenticator app, or SMS text message.
6. Follow the on-screen instructions to verify your chosen method.
7. Click Turn On to activate 2FA.

Google will ask you to save backup codes — keep these somewhere safe in case you ever lose access to your phone.

How to Set Up 2FA on a Microsoft Account

1. Sign in at account.microsoft.com.
2. Click Security in the top navigation bar.
3. Select Advanced security options.
4. Under “Two-step verification”, click Turn on.
5. Follow the setup wizard — you can use the Microsoft Authenticator app, an alternative authenticator app, or SMS.
6. Save your recovery code when prompted.

For Microsoft 365 work accounts, your IT administrator controls 2FA settings. Contact them if you cannot enable it yourself.

How to Set Up 2FA on Facebook

1. Go to Settings and privacy, then Settings.
2. Click Accounts Centre, then Password and security.
3. Select Two-factor authentication and choose your account.
4. Pick your preferred method: Authentication app, SMS, or a security key.
5. Follow the prompts to complete setup.

How to Set Up 2FA on Amazon

1. Sign in to Amazon and go to Account and Lists, then Account.
2. Click Login and security.
3. Next to “Two-Step Verification”, click Edit.
4. Click Get Started and choose your preferred method — authenticator app or SMS.
5. Verify the method and click Done.

Which 2FA Method Is Most Secure?

Not all second factors are equally secure. Here is how they rank, from most to least secure:

1. Hardware security key (e.g. YubiKey) — the gold standard. Physically plugs into your device. Cannot be phished remotely.
2. Authenticator app (e.g. Google Authenticator, Microsoft Authenticator) — time-based codes generated offline. Very secure and not vulnerable to SIM swap attacks.
3. SMS text message — convenient but the weakest option. Codes can be intercepted via SIM swapping. Better than nothing, but upgrade to an app if you can.

For most people, an authenticator app is the sweet spot between security and convenience. Our guide to spotting phishing emails explains why this matters — even if you click a bad link, 2FA stops attackers using stolen credentials.

What Happens If You Lose Your Phone?

Every service that offers 2FA also provides backup codes during setup. These are one-time-use codes you can use if you cannot access your phone. Store them somewhere secure — printed out and kept somewhere safe, or stored in an encrypted password manager.

If you use a password manager, many also have a built-in 2FA code generator so your codes are backed up automatically.

Start With Your Most Important Accounts

If setting up 2FA on every account feels overwhelming, start with the ones that matter most: your primary email address, your Microsoft or Google account, your banking apps, and any accounts that store payment information. Securing these five accounts first will cover the vast majority of the risk.

For the strongest possible protection on high-value accounts, consider a hardware security key like the YubiKey — it makes phishing attacks virtually impossible even if your password is compromised.

Once 2FA is set up, the next step is to use an authenticator app rather than SMS codes wherever possible. Read our guide on how to use an authenticator app to get started.