Subscribe to our newsletter!
Stay updated with the latest security news, tips, and promotions.
Stay updated with the latest security news, tips, and promotions.
Our email accounts contain a ton of information about ourselves. We sign up for bank accounts, buy things online, and communicate with others using our email addresses. And the only thing keeping the attackers out is the strength of our passwords.
No matter how complex the passwords are, they are not foolproof. The attackers have cracking tools at their disposal and other tricks to get access to our accounts. Two-factor authentication prevents attackers from getting in even when they’ve gotten our passwords.
Two-factor authentication makes the login process a bit more challenging for attackers by adding another layer of security to the normal username and password combination (“what you know”). The second factor could be “something you have,” such as a mobile device, smart card, or a hardware token, or “something you are,” such as fingerprints and other biometric data. Basically, if the attacker tries to log in to your account with your password from an unknown device or browser, the system demands a second verification. Unless the attacker has access to your mobile device or your fingerprints, the attack cannot proceed, and therefore your account remains safe.
Several web-based email services have rolled out two-factor authentication. If your mail provider is one of them, you should turn on the additional security protection immediately. Here is how.
Gmail
If you have a Google account, login to your account and click on your name in the upper right corner of the screen. In the resulting menu drop-down, click on Account to access the account settings page. Under Security, there is an option for 2-step verification. Click on Edit to start the sign-up process.
The step-by-step setup process guides you through the process of associating a mobile number to your account. Essentially, whenever someone logs into your account from an unknown browser or device, Google sends a challenge code to your mobile device via SMS. You need to enter that code on the screen to be able to log in.
Note that if you have an Android device, you can decide to download the Google Authenticator app, which will generate the code on your app instead of bothering with SMS messages.
Yahoo!
If you have a Yahoo! account, log in to your account, click on your name in the upper-right corner, and go to the your Account Info page. You may be prompted to enter in your password again.
Under Sign-In and Security, Look for Set up your second sign-in verification and follow the prompts to enter your mobile phone number. Yahoo! will send you a test message to your number via SMS, which you must enter to verify the process worked.
Hotmail/Outlook
If you have a Hotmail/Outlook account, login to your account, click on your name at the upper right and click on Account settings. Under the menu to the left, click on Security info. Make sure to have your mobile device handy to set up the two-step verification. Once you’re in the Security info section, underneath Two-step Verification, click on Set up two-step verification and follow the instructions.
There you have it. Your accounts are much more secure than they used to be. Perhaps it’s time to protect your Facebook account as well?
35 comments on “How to Turn on Two-factor Authentication for Your Email Accounts”
This will definitely help those who are still not very clear about what Two-factor authentication is all about.
Great post, I definitely set up two factor authentication on my emails, after my mother’s was hacked. We had a hell of a time trying to change her bank accounts and such.
Thank you very much for posting this! 😀
This is of no use for those of us who do not have a cell phone!!
Unfortunately, not everything can be catered to everyone. Depending on your email provider, some may give you alternative options. You’ll have to dig around to see what alternative options they might have.
Today is Nov 15, 2014 and Zone Alarm is still giving this Sept 2013 answer that “Unfortunately, not everything can be catered to everyone.”
Isn’t it time someone started exploring possibilities other than texts to mobile phones?
There are companies out there, such as Yuibco, that provide physical devices for two-factor authentication.
Great help! Thanks.
It worked fine with Gmail and hotmail. It is useless with Yahoo for me, since I do not receive texts and it has no voice phone call feature like the other two.
Thanks for the information, great help. Looking forward to more such helpful and useful advice.
How would I handle this scenario: I loose my mobile phone while on holiday, and want to send a message?
As far as I can see, I now can’t call (as all my numbers are in the phone), and I can’t email either.
Don’t get me wrong, I like the concept of two factor authentication, but just want to clear up this part.
Depending on your email provider, some may give you alternative options. You’ll have to dig around to see what alternative options they might have.
This is fine, but I could see it being a pain if travelling outside my home country (which I do, regularly). First the additional cost of international texting (which will become significant if you are logging into multiple accounts and/or more than once to the same account) and second, the delivery of such texts is not always speedy (think, hours, rather than seconds in some cases). Is there any way to do this without the whole SMS thing?
I like the idea of ddbl authentication but I have to ask myself if I give my cell number out so yahoo or gmail can send me a sms what’s stopping them from targeting me with junk sms and or others they associate with now that they have my number?
This is good advice but not very helpful to those that don’t have a cell phone for those that don’t have one since that seems to be the route in to turn 2nd authentication on. But I don’t use anything but Linux to access my web-mail accounts and financial data.
Unfortunately, this assumes you have a “mobile device” (and incurring the associated costs).
What do you do if you don’t have a mobile phone?
Depending on your email provider, some may give you alternative options. You’ll have to dig around to see what alternative options they might have.
Another great post….thanks a million!
Very helpful blog. I did not know the facility existed, if my email provider did tell me then is must have been in very small print. A useful security extra.
What about AOL. As you can see by my email address I use AOL. I really do not wish to change over to another email server because that means notifying all my contacts. Many of whom won’t pay any attention to the announcement, and then try sending to aol, only to find that we don’t respond. They will probably think we are dead.
Unfortunately, we cannot cover all email platforms out there. If you’re using AOL email, you can probably browse around your settings or preferences, that is if AOL offers two-factor authentication.
Hi – this was very helpful as with many of your newsletters, thanks. I have turned on my two-way verification on my Hotmail account but have had difficulty finding where to do it in my Microsoft Outlook 2007 account. It must be staring me in the face but I cannot see where to do this – can you give me a hint as to which folder/subsection it is in? (Yes, I know IT IS time to update my Outlook). Thanks again for your help.
Since Microsoft Outlook (not outlook.com) is a client-based email system, the only way to access your email is through the computer that the application was installed on. Unlike client-based email, Web-based email such as Hotmail, Gmail, and Yahoo mail can be access through their respective website. The ability to access web-based emails by you (or anyone who has the password) anywhere is where two-factor authentication comes into play to preventing unauthorized access.
Thank you for a valuable tip.
You can log in directly to a CPanel email address without logging into the web site.
As far as I can see, there is no provision for recovery due to a forgotten password. I could find no such recovery. Is this true/
Some of us do not own cell/mobile phones. Are we out of luck?
There may be alternative options such as hardware that provides two-factor authentication. We suggest you research on the web to see if any of those devices suit your needs.
I’m not in the mood of giving my mobile phone number to a number of places. And what about the security question solution? Why is it ruled out? And why not use pass sentences instead of pass words? Don’t say that something like “granny moved to florida in 1956” can be broken in minutes.
The longer the password, the better. As for security questions, check out out blog on https://blog.zonealarm.com/2013/12/how-your-email-account-could-be-the-weakest-link-to-your-online-accounts/ and see how security questions can be easily guessed. Two-factor authentication is simply an additional layer of protection in case someone guesses the password or security question to your account.
I have noticed you don’t monetize your website,
don’t waste your traffic, you can earn additional
cash every month because you’ve got hi quality content.
If you want to know how to make extra $$$, search for: Mertiso’s tips
best adsense alternative
I have noticed you don’t monetize your page, don’t waste your traffic,
you can earn additional bucks every month because you’ve got
high quality content. If you want to know how to make extra $$$, search for:
Ercannou’s essential tools best adsense alternative
I was recommended this website by my cousin. I am no longer sure
whether or not this submit is written via him as no one else realize such specific approximately my
difficulty. You’re amazing! Thank you!
I’m impressed, I must say. Rarely do I encounter a blog that’s both educative and
amusing, and let me tell you, you have hit the nail on the
head. The problem is something which not enough people are speaking intelligently about.
Now i’m very happy that I came across this during my hunt for something concerning this.
– Calator prin Romania
There are 2fa solutions that do not require a mobile phone – for example there are hardware tokens (self-contained authentication devices that generate time or event based one time passwords), FIDO based security keys and biometric solutions (amongst others).