Why Two-Factor Authentication Matters

Two-factor authentication (2FA) adds a second layer of security to your accounts. Even if someone obtains your password, they still can't log in without the second factor — typically a temporary code sent to your phone or generated by an app.

It's one of the single most effective steps you can take to protect your email, banking, and social media accounts from unauthorised access.

Types of Two-Factor Authentication

Method                | How It Works                                      | Security Level
----------------------|---------------------------------------------------|---------------
SMS Text Code         | A code is sent to your phone number               | Good (basic)
Authenticator App     | App generates a time-based code every 30 seconds  | Better
Hardware Security Key | Physical USB/NFC key you tap to verify            | Best
Biometric + Device    | Fingerprint or face ID on a trusted device        | Very Good

For most people, an authenticator app is the best balance of security and convenience. Popular options include Google Authenticator, Authy, and Microsoft Authenticator — all free.

Step-by-Step: Setting Up 2FA with an Authenticator App

Step 1: Download an Authenticator App

Install a free authenticator app on your smartphone. Authy is a good choice for beginners because it supports account backups. Google Authenticator is widely supported and straightforward.

Step 2: Go to Your Account's Security Settings

Log in to the account you want to protect (e.g., Gmail, Twitter/X, your bank). Navigate to:

  • Gmail: Google Account → Security → 2-Step Verification
  • Facebook: Settings → Security and Login → Two-Factor Authentication
  • Instagram: Settings → Accounts Centre → Password and Security → Two-Factor Authentication
  • Most sites: Look under "Account Settings" → "Security" or "Privacy"

Step 3: Choose "Authenticator App" as Your Method

Select the authenticator app option. The site will display a QR code on screen.

Step 4: Scan the QR Code

Open your authenticator app and tap the "+" or "Add account" button. Choose "Scan QR code" and point your camera at the code on screen. The account will be added to your app instantly.

Step 5: Enter the Verification Code

Your app will now show a 6-digit code that refreshes every 30 seconds. Type the current code into the website to confirm the setup is working correctly.

Step 6: Save Your Backup Codes

Most services provide one-time backup codes in case you lose your phone. Save these somewhere safe — a password manager, a printed sheet stored securely, or an encrypted note. This step is critical.

Which Accounts Should You Prioritise?

  1. Your primary email address (it's the master key to everything else)
  2. Banking and financial accounts
  3. Cloud storage (Google Drive, Dropbox, iCloud)
  4. Social media accounts
  5. Your password manager

One Last Tip

If a service only offers SMS-based 2FA and you'd prefer an app, check if they support the TOTP standard — many do, but it's sometimes hidden further in the settings menu. It's worth looking for.