How to Avoid Being Hacked: Two-Factor Authentication

Multi-factor authentication (MFA) makes it much more difficult for a hacker to gain access to your stuff online, and the most common form of consumer MFA is two-factor authentication (2FA). A very common form of 2FA is the debit card. One factor is the card itself, which contains magnetic identification information (these days, a chip) and a PIN that you provide when you drop the thing into an ATM. It’s simple and pretty good at keeping others out of your accessible ATM cash. 2FA is important for your online accounts, such as email and iCloud accounts.

While I admit it can be a bit of a pain to have to do something extra to get into your account, it’s a lot less painful than having your identity stolen, losing access to your email, or responding to your friends who wonder why you’ve said such crazy things about them (unless of course you actually said those crazy things). Or, God forbid, have someone log in as you to one of your game accounts.

This is how two-step authentication or 2FA works for a couple of different types of online accounts. (Note that these services change things from time to time, so it’s good to keep abreast of any such changes.)

Google 2-Step Verification Settings

First, sign in with your username and password (in Part 3, we’ll choose smart passwords) to your Gmail account. There should be an avatar in a circle near the top left corner of the window. Maybe it’s even a photo of you. Click on it and you will see “My Account”. (By the way, this changes every two years) In the new window that opens, click “Sign in and security.” Click “2-Step Verification” and then “Get Started.” It’s time to enter your username and password again. Enter a phone number and click if you want to receive a text or phone call. Then, magically, you receive a text or phone call with a 6-digit verification code. Enter it and select the option to turn on two-step verification. It is easy. Ok, it’s several steps, but not that difficult.

You may prefer to collect your Gmail with some other application, such as Outlook, rather than using a browser to go to the Gmail page for your mail. If so, it’s possible that once you’ve turned on 2-Step Verification, your Outlook (or another app) keeps telling you that you have the wrong password, even though you know full well it’s correct. This has happened to me. You probably need Google to provide you with an app-specific password that Google will generate for you. You’ll need to go to the app’s passwords page, which at the time of writing is located here.

Select the app you want it for (if Outlook, then you’d select “Mail”), then the device you’re using (Google magically presents a list of the devices you use with its services). Then select “Generate”. It will show you a 16-digit number in a yellow bar to use as your new password for that app (Outlook, for example) on that device (do not enter the spaces). You can save that password in your app and you may need that number again in the future.


yahoo! It’s similar: log in to your account, go to the account security page, click on “2-Step Verification” and toggle the toggle there to turn it on. Select an option to receive a text message or phone call for verification. Enter the code that comes to you via text message or phone call. At this point, you can create an app password, similar to Google’s process above for its various apps like Outlook or Apple (iOS) Mail.


Now, let’s set up 2FA on your iCloud account. First, you must have a passcode set on your iPhone or iPad.

Click on the Settings app. If your device is using iOS 10.3.3, click your name (or the name of the account you use to sign in), then “Passwords & Security.” Did I mention this will change as Apple keeps us on our toes by changing everything once we’re comfortable with the older version? In the most recent older version, you would have clicked Settings, then iCloud, then your name, then Password & Security. But I ramble…

Now tap on “Turn on two-factor authentication”. Prepare to answer a few security questions, which we’ll discuss in a future article, and then enter the phone number where you want to receive the code for 2FA and, as before, select whether you want a phone call or a text message.


For a Mac, open System Preferences, select iCloud, then “Account Details.” You may need to sign in with your Apple credentials. As above, answer your security questions if prompted, enter the phone number where you want to receive calls or texts for verification. Once again, a magical robot instantly sends you the code and you must enter it into the field waiting for your response.

Once activated, you will receive a message asking for your approval if an unknown device or location logs into your account. Note that on a Mac, that notification can sometimes be in a window that’s hidden behind another, so look for it if you’re having trouble getting the request approved.

Speaking of issues, it seems like a lot of work to have two-factor authentication, but once it’s set up, it’s not too painful and will add considerable security to your accounts, as well as considerable barriers to potential hackers. So do it!

Next time, we’ll talk about passwords, access codes, and why you shouldn’t fill out those fun quizzes all your friends send you.

Then in part three: choosing smart passwords and secret questions (aka giving away the form).

Leave a Reply

Your email address will not be published. Required fields are marked *