How to Set Up Two-Factor Authentication (2FA) on Every App That Matters

What Is 2FA, Really?

2FA (a type of MFA) adds a second step to your login, so even if someone has your password, they still can’t get in without another factor.

You log in with:

• Something you know (your password)

• Plus something you have (a code/app prompt/security key)

Google’s research found that adding a second step can stop 100% of automated bots and the majority of bulk phishing attempts (depending on the method).¹ CISA also says enabling MFA makes you 99% less likely to get hacked.²

Best Practice (Quick + Strong)

Prefer an authenticator app or device prompt over SMS text codes when you have the option. Device prompts and app-based methods generally hold up better against common attacks than SMS.¹

Common authenticator apps:

• Google Authenticator

• Microsoft Authenticator

(If you use Authy, note that Twilio ended support for the Authy Desktop app in 2024—mobile still works, but don’t rely on desktop going forward.³)

Step-by-Step: Turn On 2FA

Gmail / Google Account

Official instructions: Turn on 2-Step Verification⁴

📧 Gmail / Google Account

🔗 Google 2FA

Steps:

1. Open your Google Account settings

2. Go to Security

3. Under “How you sign in to Google,” select 2-Step Verification⁴

4. Click Get Started and sign in⁴

5. Choose a method (prompt/app preferred)

6. Follow the prompts to finish setup
    

📘 Facebook

🔗 Facebook 2FA

Steps:

1. Open Facebook → Settings

2. Go to Accounts Center → Password and security⁵

3. Tap Two-factor authentication⁵

4. Choose your method (authenticator app preferred)

5. Confirm and finish setup
    

🟦 Instagram

🔗 Instagram 2FA

Steps:

1. Instagram → Settings

2. Accounts Center → Password and security⁶

3. Tap Two-factor authentication⁶

4. Choose Authentication app

5. Confirm and finish setup

🛍️ Amazon

Steps:

1. Log into Amazon

2. Go to Your Account → Login & security⁷

3. Find Two-Step Verification (2SV) and select Edit / Get Started⁷

4. Follow the prompts to add your method (app or SMS)

5. Confirm it’s active

 Other Platforms to Cover:

• Twitter / X
   
• LinkedIn
   
• Apple ID
   
• Microsoft / Outlook
   
• Banking apps (Chase, Capital One, etc.)
   
• PayPal / Venmo
   
• Dropbox, Discord, Reddit

Backup Plan (Don’t Skip This)

Set up at least one backup method so you don’t get locked out if you lose your phone:

• Save backup codes (if the platform provides them)

• Add a second method (e.g., app + device prompt) where possible

• Store backup codes in a password manager (not Notes, not email drafts)

Final Checklist

• 2FA enabled on email (first)

• 2FA enabled on banking + payments

• 2FA enabled on socials

• Backup codes saved securely

• Authenticator app installed and working

Sources

1. Google Security Blog (2019) — effectiveness of account protections against bots/phishing (includes 100% bots; 96% bulk phishing for SMS; higher for prompts).

2. CISA — Multifactor Authentication (“99% less likely to be hacked”).

3. Twilio Help Center — Authy Desktop End-of-Life (March 19, 2024).

4. Google Account Help — Turn on 2-Step Verification.

5. Facebook Help Center — How two-factor authentication works on Facebook.

6. Instagram Help Center — Securing your Instagram account with two-factor authentication.

7. Amazon Customer Service — Two-Step Verification help page.