How to enable two factor authentication on 50 top websites including Facebook, Twitter and others

Padlock 800px

Two factor authentication (also called 2FA) is the term for a second form of authentication that is required before a web service allows you to log in. Typically, 2FA is enabled by sending a text message with a one-time code to your mobile phone, which you then need to enter in addition to your password. (This is often referred to as needing to have “something you know” such as your password, and pairing it with “something you have” such as your phone.)

Decided to do a little research on a number of common web services, in the wake of the Heartbleed bug from this week. While engaging in a best practice such as using a different password for every site and managing those passwords through a password manager (e.g. LastPass or 1Password) can provide an increased level of security, enabling 2FA is another highly recommended tool in the personal security toolbox. So, without further ado, here are the links to enable 2FA for fifty top websites. If you see any errors, or have other sites to add, please leave them in the comments and I’ll try to update this list.

Site

Comments

How to enable 2FA

Adobe Creative Cloud

Adobe Creative Cloud does not currently support 2FA.

N/a

Amazon.com

Amazon.com and Amazon Prime do not currently support 2FA.

N/a

Amazon Web Services (AWS)

“AWS Multi-Factor Authentication (MFA) is a simple best practice that adds an extra layer of protection on top of your username and password. With MFA enabled, when a user signs in to an AWS website, they will be prompted for their username and password (the first factor – what they know), as well as for an authentication code from their AWS MFA device (the second factor – what they have). Taken together, these multiple factors provide increased security for your AWS account settings and resources.”

http://aws.amazon.com/iam/details/mfa/

Apple iCloud

“Two-step verification is an optional security feature for your Apple ID. It requires you to verify your identity using one of your devices before you can:

Sign in to My Apple ID to manage your account.

Make an iTunes, App Store, or iBooks Store purchase from a new device.

Get Apple ID-related support from Apple.

Turning on two-step verification reduces the possibility of someone accessing or making unauthorized changes to your account information at My Apple ID or making purchases using your account.”

https://support.apple.com/kb/HT5570

Apple iTunes

“Two-step verification is an optional security feature for your Apple ID. It requires you to verify your identity using one of your devices before you can:

Sign in to My Apple ID to manage your account.

Make an iTunes, App Store, or iBooks Store purchase from a new device.

Get Apple ID-related support from Apple.

Turning on two-step verification reduces the possibility of someone accessing or making unauthorized changes to your account information at My Apple ID or making purchases using your account.”

https://support.apple.com/kb/HT5570

Bank of America

“The SafePass feature is Bank of America’s extra layer of protection against fraud and identity theft as you use Online Banking. The SafePass feature lets you authorize transactions using one-time, 6-digit Passcodes.”

https://www.bankofamerica.com/privacy/online-mobile-banking-privacy/safepass.go

Basecamp

“Add another layer of security to your account by enabling phone verification. Every time you sign in, we’ll send a text message to your mobile phone with a verification code. You can also verify your sign in with a phone call.

Phone verification will be applied to all the accounts you access with your ID. You’ll also be prompted for a security code on mobile devices.”

https://basecamp.com/help/guides/you/phone-verification

BitPay

“For added security on your account, you can enable your smartphone as a second authentication method at login. Once two-factor authentication is setup, you will need to use it with your username and password at login.”

https://bitpay.com/two-factor

Bitstamp

“Phone verification will be applied to all the accounts you access with your ID. You’ll also be prompted for a security code on mobile devices.”

https://www.bitstamp.net/article/update-bitstamp-adds-support-two-factor-authentica/

Bluehost

BlueHost does not support 2FA.

N/a

Box.net

“In order to enable 2-step login verifications for your users, navigate to the Security tab within Enterprise Settings. In the Application Management section, check the box next to the “Login verification” label. Please note that if Single Sign On (SSO) is enabled for your account, you will not be able to turn on 2-step login verification.”

https://support.box.com/hc/en-us/articles/200520628-Admin-Console-2-Step-Login-Verification

Buffer

“2-Step Login, adds an extra layer of security for your Buffer account. Whenever you log in to your account, after entering your username and password, you will be asked for a second authentication code that was sent to your mobile phone via text or free mobile app.”

https://bufferapp.com/2step

CapitalOne

CapitalOne does not support 2FA.

N/a

Chase.com

“When you first attempt to log in to Chase Online with using the Chase Mobile browser, we’ll ask you to verify that you own the accounts you want to access. To do this, you’ll need to request an Identification Code, which you can receive by phone, email or text message. When you receive your Identification Code, use it to complete the activation process and log in to the secure site on m.chase.com. This helps protect your accounts from unauthorized access, even if someone has your login credentials.”

https://mobilebanking.chase.com/Public/Docs/Faq?nodeId=1&itemId=2

Cloudflare

“With web performance and security being the core of CloudFlare, we are always looking for ways to improve not just our customers’ website security, but their account security as well. Therefore, we are excited to now offer two-factor authentication for all CloudFlare accounts.”

http://blog.cloudflare.com/2-factor-authentication-now-available

Coinbase

“Two-factor authentication is a great way to make your Coinbase account more secure.

What is it? Well, it’s a fancy word that basically means “getting a pin code on your cell phone” when you log in.”

http://blog.coinbase.com/post/25677574019/coinbase-now-offers-two-factor-authentication

Dreamhost

“Multifactor Authentication is a way to increase the security of your account that requires you to enter additional one-time passcodes before you can gain access to your DreamHost account. It’s a smart move that can help to protect you from hackers and website hijackers.”

http://wiki.dreamhost.com/Enabling_Multifactor_Authentication

Dropbox

“Two-step verification is an optional but highly recommended security feature that adds an extra layer of protection to your Dropbox account. Once enabled, Dropbox will require a six-digit security code in addition to your password whenever you sign in to Dropbox or link a new computer, phone, or tablet.”

https://www.dropbox.com/help/363/en

eBay

eBay itself does not seem to support 2FA, but purchases completed using eBay’s PayPal do support two factor authentication. Update: @tehdpeh has pointed out that eBay uses the same 2FA system as PayPal

Via PayPal

Etsy

“When you first joined Etsy, you entrusted us with the responsibility to protect the personal information necessary to set up an account, make a purchase, or open a shop. In turn, we ensure that each new feature we launch on Etsy lives up to our high standards of security and Internet privacy. We are happy to share that today we’re launching three new optional security settings that offer Etsy members further control and visibility into their accounts. Additionally, as our platform has evolved in the last year, we’ve revisited our policies and are making several changes to our Privacy Policy. I’ll walk you through both below.”

https://blog.etsy.com/news/2012/safety-and-privacy-first/

Evernote

“We take the security of your data very seriously. Several months ago, we introduced two-step verification along with several other security features. Today, we’re opening two-step verification up to everyone.”

http://blog.evernote.com/blog/2013/10/04/two-step-verification-available-to-all-users/

Facebook

“Facebook has always been committed to both protecting our users’ account and information, as well as giving them more control over their Facebook experience. From our User Operations team, who work to re-secure compromised accounts, to the Engineering team that designs and implements new security features like login notifications, one-time passwords, and remote session management, everyone at Facebook is working to ensure users have a safe, enjoyable experience.”

https://www.facebook.com/note.php?note_id=10150172618258920

Github

“Two-factor authentication, or 2FA, is a way of logging into websites that requires more than just a password. Using a password to log into a website is susceptible to security threats, because it represents a single piece of information a malicious person needs to acquire. The added security that 2FA provides is requiring additional information to sign in.

In GitHub’s case, this additional information is a code delivered to your cell phone, either as a text message (SMS) or generated by an application on your smartphone. After 2FA is enabled, GitHub generates a security code that is sent to your phone any time someone attempts to sign into your GitHub account. The only way someone can sign into your account is if they know both your password and have access to the security code on your phone.”

https://help.github.com/articles/about-two-factor-authentication

Gmail

“2-Step Verification adds an extra layer of security to your Google Account, drastically reducing the chances of having the personal information in your account stolen. To break into an account with 2-Step Verification, bad guys would not only have to know your username and password, they’d also have to get a hold of your phone.”

https://support.google.com/accounts/answer/185839?hl=en&topic=1056283&ctx=topic

GoDaddy

“Two-Step Authentication adds another layer of security to your account by texting you a validation code to enter whenever you log in or make important account changes.”

http://support.godaddy.com/help/article/7502/enabling-twostep-authentication?pc_split_value=4

Google Apps

“2-Step Verification adds an extra layer of security to your Google Account, drastically reducing the chances of having the personal information in your account stolen. To break into an account with 2-Step Verification, bad guys would not only have to know your username and password, they’d also have to get a hold of your phone.”

https://support.google.com/a/answer/184711?hl=en

Google+

“2-Step Verification adds an extra layer of security to your Google Account, drastically reducing the chances of having the personal information in your account stolen. To break into an account with 2-Step Verification, bad guys would not only have to know your username and password, they’d also have to get a hold of your phone.”

https://support.google.com/accounts/answer/185839?hl=en&topic=1056283&ctx=topic

Hootsuite

“HootSuite’s 2-Step Verification security feature uses Google Authenticator (powered by Google) to enhance the protection of your HootSuite account.

Google Authentication uses something your know (your password) and something you have (your mobile device). You will receive a short numeric code on your mobile device to enter in addition to your username and password. Each code has a one-time use, and a new code will regenerate every 30 seconds.

Paired with HootSuite’s Location Verification System, your HootSuite account has added protection no matter where you are.”

https://help.hootsuite.com/entries/22527304-Managing-Google-Authenticator

HostGator

HostGator does not support 2FA.

N/a

Instagram

Instagram does not support 2FA.

N/a

Intuit TurboTax

Intuit TurboTax does not support 2FA.

N/a

Joomla

“Two Factor Authentication (TFA) is a 100% Open Source, free to use security system for your Joomla site’s backend. Two Factor Authentication works in collaboration with the Google’s famous Authenticator App.”

http://extensions.joomla.org/extensions/access-a-security/site-security/login-protection/24822

LinkedIn

“At LinkedIn, we are constantly looking for ways to improve the security of our members’ accounts. All LinkedIn accounts are already protected by a series of automatic checks that are designed to thwart unauthorized sign-in attempts. Now, we are introducing a new optional feature that adds another layer of security to your LinkedIn sign-in: two-step verification.”

http://blog.linkedin.com/2013/05/31/protecting-your-linkedin-account-with-two-step-verification/

Mailchimp

“AlterEgo is a MailChimp app designed to add two-factor authentication to your account. Integrating AlterEgo with MailChimp helps keep your data safe by providing an additional layer of security that must be breached before an attacker can access your account. Because we feel so strongly about security, we also offer a 10% discount for MailChimp accounts integrated with AlterEgo.”

https://blog.mailchimp.com/alterego-now-works-with-google-authenticator-and-yubi-key/

PayPal

“The PayPal Security Key creates random temporary security codes that help safeguard your PayPal account when you log in. It comes in 2 types, each with different advantages:

Security key: You carry this small credit-card sized device with you. It creates a unique security code on the go.

Mobile phone security key: You can sign up to get security codes sent by text message to your mobile phone.”

https://www.paypal.com/us/cgi-bin/webscr?cmd=_security-key

Pinterest

Pinterest does not support 2FA.

N/a

Salesforce.com

“Two Factor Authentications – is a system wherein two different methods are used to authenticate. Using two factors as opposed to one delivers a higher level of authentication assurance.”

https://help.salesforce.com/HTViewSolution?id=000005464&language=en_US

Secret

Secret does not support 2FA.

N/a

Snapchat

Snapchat does not support 2FA.

N/a

Soundcloud

Soundcloud does not support 2FA.

N/a

StackOverflow

StackOverflow does not support 2FA.

N/a

Steam

“Steam Guard is an additional level of security that can be applied to your Steam account. The first level of security on your account is your login credentials: your Steam account name and password. With Steam Guard, a second level of security is applied to your account, making it harder for your Steam account to fall into the wrong hands.”

https://support.steampowered.com/kb_article.php?ref=4020-ALZM-5519

SurveyMonkey

SurveyMonkey does not support 2FA.

N/a

Target

Target does not support 2FA.

N/a

Tumblr

“TFA makes it especially difficult for anyone other than you (e.g., hackers, exes, et al) to access your Tumblr account. How? Well, aside from your regular login info, you’ll need a couple extra things to get to your Dashboard:

Your phone (which you’ve password-protected, right?)

A unique, single-use code (sent via text or generated by an authenticator app)”

http://www.tumblr.com/docs/en/two_factor_auth

Twitter

“Every day, a growing number of people log in to Twitter. Usually these login attempts come from the genuine account owners, but we occasionally hear from people whose accounts have been compromised by email phishing schemes or a breach of password data elsewhere on the web.

Today we’re introducing a new security feature to better protect your Twitter account: login verification.

This is a form of two-factor authentication. When you sign in to twitter.com, there’s a second check to make sure it’s really you. You’ll be asked to register a verified phone number and a confirmed email address.”

https://blog.twitter.com/2013/getting-started-with-login-verification

Wells Fargo

WellsFargo does not support 2FA.

N/a

WordPress.com

“The Google Authenticator plugin for WordPress gives you two-factor authentication using the Google Authenticator app for Android/iPhone/Blackberry.

If you are security aware, you may already have the Google Authenticator app installed on your smartphone, using it for two-factor authentication on Gmail/Dropbox/Lastpass/Amazon etc.

The two-factor authentication requirement can be enabled on a per-user basis. You could enable it for your administrator account, but log in as usual with less privileged accounts.”

http://wordpress.org/plugins/google-authenticator/

Yahoo

“For Yahoo! checks not only the password when somebody—you, hopefully—attempts to log in to your account; it also looks at the location and computer whence the attempt is made. If one looks suspicious (say, a device you’ve never used before), Yahoo! Mail can require more than merely the password—if you have two-step authentication enabled.”

http://email.about.com/od/yahoomailtip1/qt/How-to-Protect-Your-Yahoo-Mail-Account-with-Two-Step-Authentication.htm

YouTube

“2-Step Verification adds an extra layer of security to your Google Account, drastically reducing the chances of having the personal information in your account stolen. To break into an account with 2-Step Verification, bad guys would not only have to know your username and password, they’d also have to get a hold of your phone.”

https://support.google.com/accounts/answer/185839?hl=en&topic=1056283&ctx=topic

3 thoughts on “How to enable two factor authentication on 50 top websites including Facebook, Twitter and others

  1. Great list! Here’s a few you’re missing:

    lastpass
    microsoft live
    zoho
    namecheap
    humble bundle
    origin

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>