Two-factor authentication (aka multi-factor authentication, 2FA, or TFA) is a feature that adds a second level of authentication to your online accounts. With this feature enabled, even if someone discovers your password for a service, they’ll need an additional one-time code that is sent to your phone via SMS or generated on an app such as Google Authenticator to log into the account. The second factor makes your account more secure, in theory.
The number of services supporting two-factor authentication is continuously growing. As of now, Google, Facebook, Apple, Yahoo, PayPal, LastPass, Twitter and Dropbox are a few of the top sites that let you require two-factor authentication to sign in to your account from unverified computers and devices. Many more could follow suit.
Before proceeding, I suggest you install Google’s Authenticator app on your phone. It’s an app that can generate login codes for any compliant service. It’s available on Android, iOS, and Blackberry.
List of Sites Supporting Two-Factor Authentication
Here are some of the popular services that support two-factor authentication, with instructions on how to enable it:
Google was one of the first major services to implement two-factor authentication. A single sign-in to an account provides access to all other services owned by Google, so you should seriously enable the feature here. Head over to this page to set it up.
For the complete walk-through, check out Google’s official documentation.
Facebook’s two-factor authentication is called “Login Approvals”. This feature kicks in only when the site detects a login attempt from an unrecognized computer, and then you are asked to enter a six-digit code that is sent to you via SMS. If you have Facebook’s mobile app installed, that can also be used to generate authentication codes. For instructions, check out this post.
Dropbox supports authentication over SMS or over any of the popular authentication apps. You can enable the option in the Security section of your account settings.
Instructions available here.
A single Microsoft account can provide you access to your Outlook inbox, devices like the Xbox console, and of course Skype. So just like Google, this is a service where you should enable the 2FA feature. You can do so by going to the Security Info section of your account settings.
Yahoo’s Second Sign-in Verification requires that you answer a security question or enter a verification code when signing in to your Yahoo account from an unverified computer or device.
Amazon Web Services
Amazon’s AWS Multi-Factor Authentication feature is available for all users of Amazon’s web services, like Amazon S3 or Glacier storage. You can get the apps for the device you own here.
Apple’s two-step verification can be enabled by going to the My Apple ID page. Once enabled, a 4-digit code is sent via SMS or the Find My iPhone app when you successfully sign in on the My Apple ID website.
LastPass is a service that you can use to create, manage, and store passwords for other sites. If you’re using this service to manage your passwords, this is one of the most important services you should enable two-factor authentication for. You can find instructions on how to enable it here.
Automattic, the company behind the blog hosting platform WordPress.com, has made available Two Step Authentication for all WordPress.com account holders. If you have an account there, go to the Security tab in your WordPress.com account settings, and go through the setup wizard to enable the feature.
If you run a self-hosted WordPress blog, you can use an extension such as Google Authenticator to add the feature to your website.
Just like WordPress, there’s a module called Google Authenticator which adds Multi-Factor Authentication to Drupal websites. You can grab it here.
PayPal’s 2FA feature is called PayPal Security Key. To use the feature you can either order a $30 credit card-sized hardware key, register your mobile phone number for free, or activate your security key from PayPal or VeriSign Identity Protection. Head here to activate it.
Twitter calls its 2FA system “Login Verification”. Just like all other services on this page, you can enable it from your account settings. As of writing, though, Twitter supports verification only by SMS, with no offline authentication protocol, so if you don’t want to attach your phone number to your account, it may not fit. Hopefully Twitter will follow suit.
If you host your web site on DreamHost, you can enable two-factor authentication for your account by finding Multifactor Authentication in the panel. Instructions for setup can be found here. DreamHost uses the Google Authenticator app for authentication.
Evernote now offers two-factor authentication for its users. At the moment this feature is rolled out only to Premium users, but eventually it will be made available to all users. Evernote verification is carried out over a 6-digit code that is obtained via SMS (just like Twitter). You can enable the feature here.
LinkedIn has also jumped on the two-factor authentication wagon. Just like Twitter and Evernote, LinkedIn’s system doesn’t offer a smartphone app. Instead, it can only send codes via SMS. LinkedIn will prompt users for this second factor when it detects that a user is signing in from an unknown computer or device.
To enable this feature, sign into your account, head to Settings, then the Account tab, and the “Manage security settings” option.
I’ll update this post as and when more services roll out this feature.