Two-step verification and two-factor authentication add an extra layer of security to accounts you access online, including email addresses and bank accounts. You enter your username and password, but before you get in, you have to enter a second factor — two hoops to jump through.

If you have 2FA enabled and someone tries to reset your password, it’ll be much harder for them to gain access to your account. (It’s similar to needing both a PIN and a debit card to take cash out at an ATM: it minimizes the damage from someone who might have access to your card, but not your PIN.)


The second factor you’ll need to prove your identity might be a numeric code sent to you via text message, or a code generated on a phone app like Google Authenticator. These codes may expire within a certain amount of time. Another example of a second factor is a security key such as a YubiKey, a small hardware device that can be plugged into the USB port of your computer and used to secure passwords on some sites or accounts.
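How an authenticator app arrives at its code and why the code expires, as an added example that is not part of the original post: apps such as Google Authenticator implement TOTP (RFC 6238), where the app and the service share a secret and each hashes it with the current 30-second period. The function names are this example's own, and the secret is the published RFC 6238 test key rather than a real account secret.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample: the published RFC 6238 test key, not a real account secret.
DEMO_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def decode_secret(b32: str) -> bytes:
    """Decode the Base32 secret an authenticator app stores at enrollment."""
    cleaned = b32.replace(" ", "").upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over an 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(key: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: the counter is the number of step-second periods since 1970."""
    return hotp(key, int(now) // step, digits)

def seconds_left(now: float, step: int = 30) -> int:
    """Seconds until the code currently shown is replaced by the next one."""
    return step - int(now) % step

def verify(key, submitted, now, step=30, drift=1, last_used=-1):
    """Server side: return the matching period number, or None to reject.
    Allows +/- drift periods of clock skew; a period at or before last_used
    is refused so that a code someone observed cannot be replayed."""
    current = int(now) // step
    for counter in range(max(0, current - drift), current + drift + 1):
        expected = hotp(key, counter).encode()
        if counter > last_used and hmac.compare_digest(expected, submitted.encode()):
            return counter
    return None

if __name__ == "__main__":
    import time
    key = decode_secret(DEMO_SECRET_B32)
    now = time.time()
    print("current code:", totp(key, now), "valid for", seconds_left(now), "s")
```

Because the code depends only on the shared secret and the clock, it works without a network connection, which is why an authenticator app still produces valid codes on a plane or abroad.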

Action item: Set up two-step verification on your Gmail account, if you have one. The steps are listed here: https://www.google.com/landing/2step/. You can choose the method of the second level of identification by selecting phone calls, text messages, the Google Authenticator app, or a security key. Make sure to add backup phone numbers for Google to contact you in case you lose your phone, and to print out one-time-use backup codes and keep them in a safe place so you can use them if your phone is unavailable, like when you’re on a plane.

Some tips:

  • We do not recommend receiving codes via text message, as text messages are easy to intercept. Additionally, if you are traveling to a different country, you may not have access to SMS messages. When you first set up two-step verification, you may be asked to use your phone to receive codes for the first time. After the initial setup, please change the method of receiving codes to an authenticator app, phone, or security key.
  • Some password managers (such as 1Password) allow you to use their app as an authenticator. This is a good alternative for those sharing passwords and codes within a team.
  • Authy is a good alternative to the Google Authenticator app, as it allows you to receive codes through multiple devices (mobile, desktop) and has backup capabilities.

Bonus: Add 2FA to other accounts you care about if it is available. Your bank, project management software, retail accounts and social media accounts are good places to start. See http://twofactorauth.org for a list. You can even add 2FA to your WordPress site with tools including Clef (freemium) or iThemes Security Pro.

Check out more digital hygiene tips:

  1. Removing public data
  2. Privacy protection on domain names
  3. HTTPS everywhere
  4. Anonymous “Tor” cloak or VPN
  5. Prepare for a DDoS attack
  6. Two-step verification
  7. Privacy plug-ins/cookies
  8. Third-party permissions
  9. Image “hidden pixels”
  10. Links and attachments
  11. Install patches and updates
  12. Use a password manager/strong password
  13. Strengthen security questions
  14. Encrypt hard drive/backup data
  15. Click to play
  16. Use end-to-end encryption

Published by michelleferrier

Executive Director, Media Innovation Collaboratory; Founder, Troll-Busters.com | Online Pest Control for Women Writers and Journalists
