We stand with Ukraine to help keep people safe. Join us

Topic Data Protection

What Is 2FA and How to Set It Up in Just a Minute

Table of contents

No matter how strong your password is, it won’t do you any good if stolen by cybercriminals. Enabling two-factor authentication (2FA) will ensure no one can access your email or any other account with the password alone.


According to Microsoft, 2FA reduces the likelihood of an account breach by a whopping 99.9%. Despite the security advantages of 2FA, its adoption rates are woefully low. For example, only 2.3% of Twitter users have enabled this additional security function.  


Luckily, you don’t have to be a tech expert to protect your accounts with multi-factor authentication (MFA). Here, you can learn what 2FA is and how to set it up in our article.  


Pro tip: To protect your online accounts and devices from digital threats, use Clario. The security app features 24/7 data breach monitoring and offers instant alerts on leaked passwords, SSN, credit cards, and phone numbers linked to your email. Here’s how to use it:  

  1. Install Clario’s free trial
  2. Create an account
  3. Add an email for data breach monitoring  

What is 2FA and multi-factor authentication (MFA)?

Multi-factor authentication (MFA) is a login verification method requiring several verification factors to access an account. MFA with two levels of protection is referred to as two-factor authentication or 2FA. To access an account protected by 2FA, a user has to submit their login and password as well as a verification code sent to their device.  


MFA requires three components:  

  • Something you know
  • Something you have
  • Something you are — biometrics, voice or a retina scan

A combination of any two of these three factors is called 2FA. To access an account protected by 2FA, you need a password you know and a code sent to a phone you have.

How to set up 2FA

To set up 2FA, you need a phone to verify your identity using a code provided via text message or an authentication app. Here’s how to activate 2FA for Instagram:

1. Tap a user sign or your profile picture at the top right  

User profile in Instagram

2. Tap Settings

Settings in Instagram

3. In the Privacy & Security section, tap Edit Two-Factor Authentication Settings

Enabling two-factor authentication in Instagram

4. Choose either text message or authentication app as a verification method

2FA verification methods in Instagram

5. In a window that opens, tap Turn On

Turning on 2FA in Instagram

6. Enter your phone number and tap Next


7. Enter the verification code and tap Done

2FA verification code in Instagram

Here’s how to set up 2FA for your Apple ID:

1. In the Apple menu, click System Preferences  

System preferences Mac

2. In the Apple ID section, click Password & Security

Password & Security settings on Mac

3. Under Two-Factor Authentication, click Turn On  

Enabling 2FA on Mac

4. Enter your phone number and click Continue

2FA with a phone number on Mac

Now, to log in to your Apple ID account you need a password and code.  

How to use 2FA to prevent a security breach

2FA can substantially reduce the likelihood of a security breach. Why? Well, while it’s possible to guess or steal your password, it’s much harder to obtain your phone and use it for authentication.  


To avoid a security breach make sure to protect the following types of accounts with 2FA:

  • Email
  • A password manager
  • Social media profiles
  • Bank accounts

Start with protecting your email account as this is the entrance to the fortress of your digital security. And unfortunately, both personal and business email accounts are regularly attacked by cybercriminals.  


If cybercriminals get access to your email, they can access all the other accounts linked to it. To break into these accounts, cybercriminals can simply click the Forgot Your Password button and follow the Reset password link provided via email.  


What are the most popular 2FA methods?

The most popular 2FA method is the combination of a password and the second factor - your phone or a one-time password (OTP) that is valid for up to 60 seconds.


Passwordless authentication is also becoming increasingly popular. To access an account, you just have to enter your login on one device, then click a push notification on another one.

What are the least secure 2FA methods?  

SMS verification is the least secure 2FA method because it’s extremely easy to intercept text messages. Hacking tools capable of intercepting messages cost just a few hundred dollars. In addition, texts can be read via malicious applications, which can be installed on your phone.

What are the most secure 2FA methods?  

Security keys are the most reliable means of 2FA. The keys, inserted in a USB port, connect with your phone or computer through Bluetooth and generate a special random key combination. To date, this type of authentication is deemed the most secure.

How to log in to an account after losing a phone?

It depends on the service, and that’s when things can get complicated. For instance, Google Authenticator doesn't sync between multiple devices. So, if you lose your phone, you have to somehow restore all your passwords and associate them with your accounts all over again.


Google and Facebook give you lists of 10-12 backup codes you can print out and keep in a safe place. After losing a phone, you can verify your identity using a backup code.


In the same way, Google and Apple allow you to register a backup phone. Make sure to submit a phone number of a trusted person to have an alternative authentication method. 

Keep reading

Clario’s anti-tracking ensures your private info remains private.

Try Clario free
Click here to start installing