If you haven’t seen your data exposed in a major data breach within the last five years alone, you haven’t been paying attention. Billions of people worldwide have lost their data many times over. 26 billion records were exposed in a single dataset in 2024, in just one example.
Our takeaway? Passwords just aren’t strong enough by themselves, and two-factor authentication is one of the best possible fixes.
Two-factor authentication works by giving users two (or more) separate forms of identification. When one password has been leaked in a data breach, the other ID can step in to shore up your security. If you haven’t transitioned your biggest online accounts over to two-factor authentication, you’re likely unsafe online.
Here’s how to fix that for your biggest accounts, from Gmail to Facebook and more.
How Turning on Two-Factor Authentication Works
Two-factor authentication, which can be abbreviated as “2FA,” is offered by most major online accounts these days. The exact series of steps will differ in small ways, but the process for turning 2FA on tends to look similar across all accounts.
You’ll want to start by heading to your account settings page. From there, look for a sub-section titled something along the lines of “Security” or “Password and Security” and look for the option to enable “Two-Factor Authentication.”
Then, simply follow the on-screen instructions. You already have one form of ID – the password you use with your account – so you’ll be adding the second one. Popular secondary forms of identification include an SMS text message on your phone, an authenticator app on your phone, a link emailed to your email address, or biometrics such as your fingerprint, your face, or even your retina.
Once it has been set up, your 2FA process will involve occasionally being prompted to copy a code or click through a link sent to the secondary identification source.
Here’s how to set up 2FA in 2025 for these frequently used accounts:
How to Turn on 2FA on Gmail
Gmail is the most popular email service on the planet, so this will likely be your first stop on the 2FA journey. Luckily, Google makes it easy to set up 2FA for your Google account. Here’s how to turn on two-factor authentication for Gmail.
- First, open your Google account by heading to “myaccount.google.com.” If you’re logged in, that link will load your account-specific settings page.
- Next, go to Security > “How you sign in to Google” > Turn on 2-Step Verification
- Follow the on-screen prompts.
Your forms of verification will likely be a phone number and a Google prompt, but might also be an authenticator app, passkey, or backup code.
Google might even give you a pop-up window as soon as you open your My Account page, suggesting that you “add recovery email,” which is a form of 2FA.
How to Turn on 2FA on iPhone
Your Apple account is another prime target for scammers: They can steal personal data or make purchases through your account, such as gift cards that they can then resell for cash.
In other words, you need to know how to turn on two-factor authentication for iPhone. To bolster your security, open up the Settings page within your account and follow these steps.
- From Settings, click on your name.
- Next, go to “Sign-In & Security,” turn on Two-Factor Authentication, and hit “Continue.”
- You’ll be prompted to enter your phone number, so the 2FA text can be sent to it when needed.
- Finally, Apple will send a new code to that phone number, to verify that it works. Enter the verification code and you’re done.
Once 2FA is up and running on your Apple account, you can add additional trusted devices. You’ll only have to enter a verification code once to add a device.
How to turn on 2FA on Facebook
Scammers love heading to the world’s biggest social media app when it comes time to pick out their next victim. After all, it’s home to the Facebook Marketplace, a selling platform that scammers can use to find people who can be tricked into sharing their credit card information or other details.
We’ve covered the worst Facebook scams and how to avoid them in the past. Naturally, one of the best fixes for keeping your account safe is to upgrade your security with 2FA. Here’s how to turn on two-factor authentication for Facebook:
- Open your account menu by clicking your profile picture on the top right.
- Go to “Settings and privacy” > Settings > Accounts Centre > “Password and security” > Two-factor authentication
- Next, click on the account you need to update (any of your connected Instagram accounts will also show up).
- Pick which security method you’d like to add and follow the prompts.
Once you’ve made it through those steps, you have just one more choice left. You’ll have three different options to pick from when setting up your secondary form of ID. Those options include:
- Tapping your security key on a compatible device.
- Login codes from a third-party authentication app.
- Text message (SMS) codes from your mobile phone.
Setting up your 2FA won’t save you from some of the worst scams, however, since phishing scams are among the most common on Facebook Marketplace. Here’s how we’ve explained this issue in the past:
“Sellers have been known to set up fake marketplace listings, before asking buyers to send over a Google verification code or sensitive information like contact numbers, social security numbers, or financial data to prove their authenticity.” -Tech.co senior writer Isobel O’Sullivan
In this case, sharing your 2FA verification code can be the reason you get scammed, not your salvation. Always remember that a third party on Facebook will never ask for one of those codes. Instead, you’ll always be able to enter it directly into the website itself when prompted.
How to Turn on 2FA on Instagram
Meta, the company behind Facebook, is constantly working to expand its social platform dominance, from scooping up influencers from a besieged TikTok to attempting to purchase their rivals outright. Snapchat turned the company down multiple times, but Whatsapp and Instagram are among the biggest brands that have been owned by Meta for well over a decade now.
As a result, you’ll be able to set up a 2FA security process for your Instagram account online by following the exact same process we’ve outlined above for your Facebook account. When you get to the step that requires you to click on the account that you want to add two-factor authentication to, just pick your Instagram account.
This works even if you have multiple Instagram accounts, such as ones for your pet, child, or fan page.
How to Turn on 2FA on Microsoft Outlook
After Gmail, Microsoft Outlook is the second most popular email service, with more than 400 million accounts in operation. Naturally, scams are a big risk on a platform with a userbase that wide. And, as you might be able to guess, 2FA is one of the best ways to shore up your security.
Here’s how to turn on two-factor authentication for your Microsoft Outlook account:
- Head to this link: account.microsoft.com/security
- Log into your account
- You’ll see a button towards the upper right-hand side that reads “Two step verification: Turn on.“
- Clicking this triggers a code, sent to your account’s email address, that you’ll need to enter in order to proceed.
- Next, you’ll see a new Security page that includes a button “Two-step verification: OFF.”
- Click on the “Manage” link underneath it, and follow the on-screen prompts.
Outlook has an entire process for setting up your 2FA, which include the option to set up an authenticator app, get a unique recovery code that you can write down somewhere as an analog recovery system, and the ability to craft an app password for accounts that don’t support 2FA codes, like Xbox 360 and the Windows Phone 8 (or earlier models).
Final Tips for Staying Secure Online
Adding a 2FA system on top of your standard password is a great start to staying safe online. Ensuring that your password is a relatively strong one is another big step – we’ve covered examples of the strongest and weakest types of passwords in the past, if you’re looking for a start.
Getting yourself a password manager is another helpful step for anyone with more than a dozen online accounts. These digital tools will store and manage all your passwords for you, and you’ll just have to remember a single main password in order to access all of them whenever you need them. We’ve created a guide to setting up a password manager, and some of the best options include brands like LastPass and 1Password.
Perhaps the best advice is to stay aware of phishing attempts and social engineering scams, however. As long as people like you and me are behind a keyboard, the human element can never be removed. And ironically, the people who think that they’re too smart to be tricked out of their personal data are always among the most vulnerable.
Stay safe, enable two-factor authentication, and always check twice before clicking that link from that email claiming to be your Paypal Credit account.