In the last two parts, we walked you through the importance of strong, unique passwords, as well as establishing a primary email address that you will use for controlling and managing your accounts. Having everything in one secure place can make things a whole lot easier. Now we’re going to cover setting up Multi-Factor Authentication to add an extra layer of security to your primary email and your other accounts.
Here’s where we are at:
- Create a few strong master passwords
- Choose a primary email for your accounts
- Secure that email with a new, strong password
- Choose a Multi-factor authentication app
- Set up Multi-factor authentication on your primary email
- Select and set up a password manager
- Update every account, secure it, and log it in the password manager
- Delete old passwords stored in your browser (or in Word documents, spreadsheets, sticky notes, or anywhere else)
- Maintain the course!
Set Up an Authentication App
This is called Multi-Factor Authentication (MFA) or 2-Factor Authentication (2FA). The two terms mean essentially the same thing, and you’ve probably run into accounts that require it. When you log into an account, you get an email or a text message with a 6- or 8-digit PIN that is required for you to finish the login process.
This adds a huge layer of security to your accounts because not only does someone need to know your password to get into something, they need to have access to your phone or email.
The most iron-clad way to set this up is to use an authenticator app that installs on your phone, and can easily be carried over to new phones when you upgrade.
An authenticator app will prompt you to scan a QR code to enter the account into the authentication app. Once done, the account will display a 6-digit number that refreshes every 30 seconds. You’ll use that as your authentication PIN for the account moving forward.
Let’s take a look at some of the most popular authentication apps:
Google Authenticator is a good choice for this if you are already using Google’s ecosystem (for instance, if you use Gmail for your primary email). As long as you take good care of that Google account, moving from one device to another is seamless and ensures you’ll always have access to your authentication codes.
Install Google Authenticator for Android here
Install Google Authenticator for iOS here
Microsoft Authenticator is good too, but you will be required to manually back up the app and restore it when you get a new device.
Install Microsoft Authenticator for Android here
Install Microsoft Authenticator for iOS here
Apple Passkeys and Apple Keychain are Apple’s take on authenticator apps. If you are in Apple’s ecosystem as opposed to Google’s, this might be a good option, but not all logins will support Passkeys, so you’ll need Keychain for traditional MFA accounts. Both Passkeys and Keychain are built into iOS, and neither has an official Android version.
DUO Authenticator is a popular third-party authenticator, and like Microsoft, you can manually back it up to the cloud and restore it to a new device. DUO is a particularly good option for businesses as it allows for push notifications and can be centrally managed.
Install DUO Mobile for Android here
Install DUO Mobile for iOS here
In summary, if you are using Google in general and have a Gmail account, Google Authenticator is the way to go for your personal life. Keep in mind that your company might have an official solution to use for work-related accounts. Just make sure you are signed into your Google account when using it so it backs up to your account.
Why Don’t We Just Use Text Messages for Multi-Factor Authentication?
Some accounts will let you use SMS text messages for authentication, and while this is better than nothing, it’s a little less secure. There have been plenty of cases where cybercriminals have been able to infiltrate and intercept these text messages to weasel their way into your accounts.
Set up MFA for your Primary Email
Now that you have an authenticator app, you need to start using it!
Start with your primary email account that we established earlier. This is your main email account that you will associate with almost all of your other accounts, so it needs the highest level of security. It won’t prompt you for your MFA code every time you check your email, but it will ask whenever you try to sign into a new device or log out and log back in.
You can typically set up Multi-Factor Authentication in the security settings of any account, but the exact way to find it will depend on the service. Here are a few of the popular ones:
Setting up MFA for Gmail/Google
For Google/Gmail, go to your Account page and go to Security > 2-Step Verification and follow the prompts to set it up in your Authenticator app.
Setting up MFA for Microsoft/Outlook/Hotmail
For your Hotmail or Outlook account, log into your email and click the gear icon. Then go to Options > Account Details, then go to Security & Privacy > More Security Settings, and scroll down to Set up two-step verification. Then follow the prompts to set it up in your Authenticator app.
Setting up MFA for Apple
You can manage your Apple account by signing in to the Manage Your Apple Account page. Then go to Account Security > Two-Factor Authentication and click Get Started…
Follow the prompts to set it up in your Authentication app.
Setting up MFA for Other Emails
Most email services and online accounts have settings to enable multi-factor or two-factor authentication. These are typically found in a settings area labeled account, security, privacy, or something similar.
Be Sure to Check Out The Rest of the Posts in This Series
This is a five-part guide! Head on back to our blog to see the rest of these articles (we’ll be posting each one every other weekday). You can also click on #Password Guide below to see all of the parts that are currently published.