Skip to main content

Use two-factor authentication (2FA) at all these websites

We imagine no 9to5Mac reader needs to be told to use two-factor authentication (2FA) security wherever possible, but how do you know which websites support it … ?

If you need to convince non-techy friends to use two-factor authentication, you can point them to this quick guide – and the link to a directory of all the websites which support it.

The problem

Website breaches happen all the time, which gives the attacker a list of usernames and passwords. Knowing how many people use the same logins for multiple websites (please don’t do that), the first thing they do is try the same credentials on a whole bunch of popular sites.

But even if you use unique passwords for each site, a hacker who gains access to your account on sensitive sites could cause you a lot of trouble. Think Apple ID, LinkedIn, Google, and so on. Both your privacy and your cash could be at risk.

The solution: Use two-factor authentication

Two-factor authentication is sometimes referred to as “something you have, and something you know.” Think of using an ATM – your bank card is something you have, and your PIN is something you know.

For online services, your password is the “something you know.” The “something you have” may be a specific piece of hardware; for example, some banks issue hardware devices to generate codes. But more usually, it’s your phone.

How 2FA works with your smartphone

Whenever you login to a website for the first time on a new phone, you’ll use your username and password as usual – but it will then ask you for a one-time code to complete that login. You might also see this code referred to as a software token.

One option usually offered is to text the code to you. Ideally, you shouldn’t use this method, as it is vulnerable to what are known as SIM-swap attacks – where a hacker poses as you to persuade your carrier to issue a new SIM, and send it to them. All your texts – including 2FA codes – then go to them instead of you.

A better option, when offered, is to use an authentication app. The iPhone has this capability built-in. Alternatively, you can use a third-party app like Google Authenticator. Either way, when you tell a website you want to use 2FA, it will display a QR code. You point your phone’s camera at the code, and that sets it up for you.

Once it’s set up, you usually get the option to remember your device – then you can skip the code next time, as the website can see you are using a phone which belongs to you.

Where can you use two-factor authentication?

A lot of websites offer 2FA these days. To check whether your important sites do, search for it in this directory.

Alternatively, if you need help identifying websites where you might want to use it, you can browse by category to see all the sites which offer it.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!


Ben Lovejoy's favorite gear

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications