Turn On Two-Factor Authentication (2FA)
Two-factor authentication means a stolen password alone can't get anyone into your accounts. Here's what it is, why it matters, and how to turn it on for your most important accounts.
On this page
Two-factor authentication (2FA), also called two-step verification, adds a second check when you log in. Even if someone has your password, they can't get in without also having your phone or a code only you can receive. It's one of the most effective ways to protect your accounts.
How It Works
When you log in with 2FA enabled, you enter your password as normal — then you're asked for a second piece of proof. This might be:
- A code sent to your mobile phone by text message (SMS)
- A code from an authenticator app (more secure)
- A notification to approve on your phone
- A fingerprint or face scan on a trusted device
Where to Turn It On First
Prioritise these accounts — they protect access to almost everything else:
- Your email account — anyone who can access your email can reset passwords for everything else
- Online banking — most banks already require this, but check it's active
- Your Microsoft account — used for Windows login and Microsoft 365
- Your Google account — used for Gmail, Google Pay, and Android
- Apple ID — if you use Apple devices
Setting Up 2FA on Your Microsoft Account
- Go to account.microsoft.com and sign in.
- Click Security > Advanced security options.
- Under Two-step verification, click Turn on.
- Follow the prompts to add your phone number or set up an authenticator app.
Setting Up 2FA on a Google Account
- Go to myaccount.google.com and sign in.
- Click Security on the left.
- Under How you sign in to Google, click 2-Step Verification and follow the steps.
Authenticator Apps vs Text Messages
Text message codes are better than nothing, but authenticator apps are more secure. Microsoft Authenticator and Google Authenticator are both free and straightforward to set up. The app generates a new code every 30 seconds that only works for that moment — much harder to intercept than a text.
Frequently asked questions
What if I lose my phone and can't receive my 2FA code?
This is why backup codes matter. When you set up 2FA, save the backup codes the service provides — they let you get in without your phone. If you didn't save them, each service has an account recovery process. For Microsoft and Google accounts, this involves verifying your identity via a backup email or phone number you registered earlier, which is another reason to keep your account recovery options up to date.
I got a 2FA code I didn't request. What does that mean?
It means someone is trying to log into your account with your password right now. Don't share the code with anyone — not even someone who calls claiming to be from the company. Change your password immediately from a trusted device, then check whether any unknown devices have access to your account (most services show this under Security settings).
Comments & Questions (0)
No comments yet — be the first to ask. Comments appear after review.
Leave a comment
Your comment appears after our team approves it. Or sign in to post faster.