Imagine someone discovers your email password. Without extra protection, they have complete access to your inbox — and from there, they can reset passwords on your bank, social media, and every account linked to that email address. Two-factor authentication stops this completely.
What is two-factor authentication
Two-factor authentication (2FA) adds a mandatory second step to your login. After entering your password, you provide a short code — usually six digits — that is either sent to your phone or generated by an app. This code changes every 30 seconds and can only be used once.
Think of it this way: your password is the key to your front door. Two-factor authentication is like also having a deadbolt whose combination changes every 30 seconds. Even if someone copies your key, they still cannot get in.

The three types of 2FA
SMS text message codes — A six-digit code sent to your mobile by text when you log in from a new device. Better than no 2FA, though it has one known vulnerability called SIM swapping.
Authenticator apps — An app on your phone generates a new code every 30 seconds without needing internet or a text message. More secure and our recommended option wherever it is available.
Hardware security keys — A physical device you plug in. The most secure option but complex to set up. Generally used by journalists, executives, and high-risk individuals.
Which accounts to protect first
- Your primary email account — this unlocks everything else, protect it first
- Your bank accounts and all financial apps
- Facebook, Instagram, Twitter, and all social media profiles
- Your Apple ID or Google account — these control your entire phone
- Any shopping site that stores your payment card details
- Your password manager account

How to enable 2FA on Gmail
Open Gmail and tap your profile picture in the top right corner. Tap “Manage your Google Account”. Go to the Security tab. Scroll down to “How you sign in to Google”. Tap “2-Step Verification” and follow the instructions. The whole process takes about two minutes from start to finish.
What if I lose my phone
When you enable 2FA, save the backup codes provided — printed out or stored in a secure note. Using Authy means your codes are backed up and restorable on any new phone. Most services also let you add a backup phone number or email as an alternative verification method.
Two-factor authentication blocks 99% of automated account takeover attempts. Enable it on your email account today — before you close this page.