Two-Factor Authentication: The Complete List Of Everywhere You Should Enable It

Two-factor authentication is one of the best things you can do to make sure your accounts don’t get hacked. We’ve talked about it a bit before, but here’s a list of all the popular services that offer it, and where you should go to turn it on right now.

Image remixed from Boguslaw Mazur (Shutterstock).

We originally published this post in August of 2012, but a lot of our favourite sites have added two-factor authentication since then. So, we’ve decided to update the post with all the new options (and keep it updated going forward). Thanks to Evan Hahn for his great list as well.

What Is Two-Factor Authentication?

Passwords, unfortunately, aren’t as secure as they used to be, and if someone gets your password, they can access your account without any fuss. Even having a strong password doesn’t completely protect you. Two-factor authentication solves this problem.

Google’s spam guru, Matt Cutts, put it best: two-factor authentication is a simple feature that asks for more than just your password. It requires both “something you know” (like a password) and “something you have” (like your phone). After you enter your password, you’ll get a second code sent to your phone, and only after you enter it will you get into your account. Think of it as entering a PIN number, then getting a retina scan, like you see in every spy movie ever made. It’s a lot more secure than a password (which is very hackable), and keeps unwanted snoopers out of your online accounts.

Where Can I Use It?

Unfortunately, you can’t use two-factor authentication everywhere on the web just yet. But a lot of sites have recently implemented it, including many of our favourite services. Here are some services that support two-factor authentication, with instructions on how to enable it:

• Google/Gmail: Google’s two-factor authentication sends you a six-digit code via text message when you attempt to log in from a new machine, although it also works with the Google Authenticator app for Android, iOS, and BlackBerry. You can save each machine for 30 days. You can enable it here, or check out Google’s documentation for more info.
• LastPass: LastPass is one of the most important services to use with two-factor authentication — since it stores all your other passwords. It uses the Google Authenticator app for Android, iOS and BlackBerry, and you can read up on how to enable it here.
• Apple: Apple’s two-factor authentication sends you a 4-digit code via text message or Find My iPhone notifications when you attempt to log in from a new machine. You can enable it here, or check out Apple’s documentation for more info.
• Facebook: Facebook’s two-factor authentication, called “Login Approvals,” sends you a 6-digit code via text message when you attempt to log in from a new machine. You can also authorise a new machine from Facebook.com on a saved machine if you don’t have your phone handy. You can enable it here, or check out Facebook’s blog for more info.
• Twitter: Twitter’s two-factor authentication sends you a six-digit code via text message when you attempt to log in from a new machine. You can enable it here, or check out Twitter’s blog for more info.
• Dropbox: Dropbox’s two-factor authentication sends you a six-digit code via text message when you attempt to log in from a new machine, though it also works with Google Authenticator and a few other similar authentication apps. You can enable it here, or check out Dropbox’s documentation for more info. And if you want another layer of extra security, you can encrypt the contents of your Dropbox with TrueCrypt.
• Evernote: Free Evernote users will need to use an authenticator app like Google Authenticator for Android, iOS and BlackBerry, although premium users can also receive a code via text message to log into a new machine. Enable it here, or check out Evernote’s blog for more info.
• PayPal: PayPal’s two-factor authentication sends you a six-digit code via text message when you attempt to log in from a new machine. You can read more about it and enable it here.
• Steam: Steam’s two-factor authentication, called Steam Guard, sends you a five-digit code via email when you attempt to log on from a new machine. You can enable it by going to Steam > Settings > Manage Steam Guard Account Security in the Steam client. Check out Steam’s documentation for more info.
• Microsoft Accounts: Microsoft’s two-factor authentication sends you a seven-digit code via text message or email when you attempt to log in from a new machine, although it also works with a number of authenticator apps. You can enable it here, or check out Microsoft’s documentation for more info.
• Yahoo! Mail: Yahoo’s two-factor authentication sends you a six-digit code via text message when you attempt to log in from a new machine. You can enable it here, or check out About.com’s article on the subject for more info.
• Amazon Web Services: Amazon’s web services, like Amazon S3 or Glacier storage, support two-factor authentication via authenticator apps, like the Google Authenticator app for Android, iOS and BlackBerry. It also supports Windows phone via the Authenticator app. You can enable it here, or check out Amazon’s documentation for more info.
• LinkedIn: LinkedIn’s two-factor authentication sends you a six-digit code via text message when you attempt to log in from a new machine. You can enable it here, or check out LinkedIn’s blog for more info.
  
• WordPress: WordPress supports two-factor authentication via the Google Authenticator app for Android, iOS and BlackBerry. You can enable it and read more about it here.
• DreamHost: DreamHost supports two-factor authentication via the Google Authenticator app for Android, iOS and BlackBerry. You can enable it here, or check out DreamHost’s wiki for more information.

This isn’t an exhaustive list, but it includes some of the more popular services out there. Check out Evan Hahn’s great list for a few more, and check around the documentation 0f your favourite services to see if they support it.

For every service you use that supports it, you should head over and enable two-factor authentication right now — it’s one of the best ways to keep your data (and in many cases, your money) safe. Of course, you should also make sure you use a unique, secure password for each of your accounts, so if you don’t, now’s a good time to change that.