News sites regularly inundate us with ominous messages warning us that millions of passwords have been stolen from yet another website. Although often encrypted, large dictionaries make it easier than ever to brute-force not too strong passwords. Even worse, some companies don't put in this absolutely minimal bit of effort to protect their clients: take Facebook (now Meta) as example. The social network awkwardly admitted to have millions of unencrypted passwords stored on their servers - is anyone surprised? Luckily, Facebook offers an extra layer of security - as do more and more other online businesses. This extra security feature is called Two-Factor Authentication (often abbreviated as 2FA). Sometimes, it is also referred to as Two-Step Verification (2SV).

What is 2FA?

Two-Factor Authentication comes in different forms, but in essence it provides you with an extra layer of protection - an extra step to verify that you are really you. Often, this is done by sending an SMS with a verification code to your phone after you logged into the site. If you enter the correct code in the designated input box, you have succesfully proven that the person logging in with the password was really you.

If you want to keep your SMS inbox clean, there is often an option to send the code to your email address. Beware of the possible security risk: if you are using the same password for your email, attackers can get access to verification codes sent by mail. Instead, we advice to use an authenticator app, such as Google Authenticator, Microsoft Authenticator, the LastPass app or 2FA Authenticator (all available on iPhone as well as Android). Good to know: authenticator apps don't require internet connection to log in. Belgian readers might be already familiar with the concept through Itsme.

An authenticator app generates a unique code for each site that is connected to the program. The code is refreshed every minute to guarantee maximum security, while maintaining sufficient flexibility. In two steps, it works as follows:

1. You import a website's key once into your preferred authenticator app by scanning a QR code with your phone.

1. You're all set: whenever you log into the 2FA-enabled website, you just open the app on the phone and enter the generated code into the website to verify your identity.

How to set up Two-Factor Authentication?

In the following section, I will explain how to enable Two-Factor authentication on some popular websites. As the process is usually quite similar for other sites, you should be able to enable 2FA everywhere (provided, it is an option) after having looked at these examples.

Set up 2FA for Facebook

• Log in to facebook and go to settings > security.
• Go to the tab Use two-factor authentication. Click Edit to set up 2FA.

Set up 2FA for LinkedIn

• Log in to LinkedIn and go to Settings & Privacy > Sign in & security > Account access.
• Go to the tab Use two-step verification at the bottom of the page. Click Change to set up 2FA.

Set up 2FA for Amazon

• Log in to Amazon and go to Your Account > Login & security.
• Go to the tab Two-Step Verification (2SV) Settings and click Edit.

• Follow the steps and choose either verification using phone number or Authenticator App.
• If you choose Verification using Authenticator App, you will see a QR code. Open your preferred authenticator app on your phone and scan the QR code. After that, type in the 6-digit verification code in your browser window.

Set up 2FA for Coinbase

• Log in to Coinbase and navigate to Settings > Security.
• In the tab 2-step verification, select either Text message, Authenticator or Security Key.

Set up 2FA for Bol.com

• Log in to Bol.com and navigate to Gegevens & Voorkeuren.
• In the tab Account beschermen, select Extra beveiliging
• Unfortunately, Bol.com doesn't support 2FA yet. However, you can opt-in to login notifications over mail, as well as block access from specific countries.

Set up 2FA for Slack

• Log in to your workspace and navigate to Account > Settings.
• Look for Two-Factor Authentication and click Expand. Then select, Set Up Two-Factor Authentication
• If you need more help, follow the steps in this Slack help page