A Cheat Sheet for Securing Your Accounts with Two-Step Verification

I first switched on two-step verification for online banking and other cloud accounts two years ago, and while I can’t say I’ve slept better, I can say that any sleep deprivation has been a function of parenthood, work, or jet lag — not from worrying about somebody “pwning” my email.

Masked man at keyboard
Masked man at keyboard

(Thinkstock)

With two-step verification, your password is no longer your account’s last line of defense. Instead, you verify your login with a second bit of information, usually temporary, that only you should have at hand.

That second bit can be a numeric passcode sent to you as a text message that expires after a brief period. It can be a number computed by an app on your phone while your mail service’s computers are generating the same number. It may be a request displayed in your copy of a service’s mobile app.

It can also be one of a set of backup codes you print out and stuff in another information-storage device you know how to keep safe: your wallet. Don’t forget to do that last step, lest you find yourself locked out of a site when you’re in an area with poor cell coverage and you can’t receive a text with a login code.

What can be less than obvious about two-step verification is how to turn it on. That’s because not every site makes it easy. Here’s a short list of banks, email services, social networks, and other sites that know how to perform the login two-step, along with instructions on how to do it:

Ally Bank

Bank of America

Chase

Yahoo

Gmail

Microsoft Outlook.com/Hotmail

Apple iCloud

Facebook

Twitter

Dropbox

WordPress

For a comprehensive list of sites offering this feature — as well as those working on it and those without announced plans to do so — see Josh Davis’s directory here.

Email Rob at [email protected]; follow him on Twitter at @robpegoraro.