Two factor authentication (also called 2FA) is the term for a second form of authentication that is required before a web service allows you to log in. Many web users decide to combine that with their own vpn (check out the best vpn for canada for more information) to further increase their online security when making use of web services. Typically, 2FA is enabled by sending a text message with a one-time code to your mobile phone, which you then need to enter in addition to your password. (This is often referred to as needing to have “something you know” such as your password, and pairing it with “something you have” such as your phone.)
Decided to do a little research on a number of common web services, in the wake of the Heartbleed bug from this week. While engaging in a best practice such as using a different password for every site and managing those passwords through a password manager (e.g. LastPass or 1Password) can provide an increased level of security, enabling 2FA is another highly recommended tool in the personal security toolbox. So, without further ado, here are the links to enable 2FA for fifty top websites. If you see any errors, or have other sites to add, please leave them in the comments and I’ll try to update this list.
Site |
Comments |
How to enable 2FA |
|
Adobe Creative Cloud |
Adobe Creative Cloud does not currently support 2FA. |
N/a |
|
Amazon.com |
Amazon.com and Amazon Prime do not currently support 2FA. |
N/a |
|
Amazon Web Services (AWS) |
“AWS Multi-Factor Authentication (MFA) is a simple best practice that adds an extra layer of protection on top of your username and password. With MFA enabled, when a user signs in to an AWS website, they will be prompted for their username and password (the first factor – what they know), as well as for an authentication code from their AWS MFA device (the second factor – what they have). Taken together, these multiple factors provide increased security for your AWS account settings and resources.” |
||
Apple iCloud |
“Two-step verification is an optional security feature for your Apple ID. It requires you to verify your identity using one of your devices before you can: Sign in to My Apple ID to manage your account. Make an iTunes, App Store, or iBooks Store purchase from a new device. Get Apple ID-related support from Apple. Turning on two-step verification reduces the possibility of someone accessing or making unauthorized changes to your account information at My Apple ID or making purchases using your account.” |
||
Apple iTunes |
“Two-step verification is an optional security feature for your Apple ID. It requires you to verify your identity using one of your devices before you can: Sign in to My Apple ID to manage your account. Make an iTunes, App Store, or iBooks Store purchase from a new device. Get Apple ID-related support from Apple. Turning on two-step verification reduces the possibility of someone accessing or making unauthorized changes to your account information at My Apple ID or making purchases using your account.” |
||
Bank of America |
“The SafePass feature is Bank of America’s extra layer of protection against fraud and identity theft as you use Online Banking. The SafePass feature lets you authorize transactions using one-time, 6-digit Passcodes.” |
https://www.bankofamerica.com/privacy/online-mobile-banking-privacy/safepass.go |
|
Basecamp |
“Add another layer of security to your account by enabling phone verification. Every time you sign in, we’ll send a text message to your mobile phone with a verification code. You can also verify your sign in with a phone call. Phone verification will be applied to all the accounts you access with your ID. You’ll also be prompted for a security code on mobile devices.” |
||
BitPay |
“For added security on your account, you can enable your smartphone as a second authentication method at login. Once two-factor authentication is setup, you will need to use it with your username and password at login.” |
||
Bitstamp |
“Phone verification will be applied to all the accounts you access with your ID. You’ll also be prompted for a security code on mobile devices.” |
https://www.bitstamp.net/article/update-bitstamp-adds-support-two-factor-authentica/ |
|
Bluehost |
BlueHost does not support 2FA. |
N/a |
|
Box.net |
“In order to enable 2-step login verifications for your users, navigate to the Security tab within Enterprise Settings. In the Application Management section, check the box next to the “Login verification” label. Please note that if Single Sign On (SSO) is enabled for your account, you will not be able to turn on 2-step login verification.” |
https://support.box.com/hc/en-us/articles/200520628-Admin-Console-2-Step-Login-Verification |
|
Buffer |
“2-Step Login, adds an extra layer of security for your Buffer account. Whenever you log in to your account, after entering your username and password, you will be asked for a second authentication code that was sent to your mobile phone via text or free mobile app.” |
||
CapitalOne |
CapitalOne does not support 2FA. |
N/a |
|
Chase.com |
“When you first attempt to log in to Chase Online with using the Chase Mobile browser, we’ll ask you to verify that you own the accounts you want to access. To do this, you’ll need to request an Identification Code, which you can receive by phone, email or text message. When you receive your Identification Code, use it to complete the activation process and log in to the secure site on m.chase.com. This helps protect your accounts from unauthorized access, even if someone has your login credentials.” |
https://mobilebanking.chase.com/Public/Docs/Faq?nodeId=1&itemId=2 |
|
Cloudflare |
“With web performance and security being the core of CloudFlare, we are always looking for ways to improve not just our customers’ website security, but their account security as well. Therefore, we are excited to now offer two-factor authentication for all CloudFlare accounts.” |
http://blog.cloudflare.com/2-factor-authentication-now-available |
|
Coinbase |
“Two-factor authentication is a great way to make your Coinbase account more secure. What is it? Well, it’s a fancy word that basically means “getting a pin code on your cell phone” when you log in.” |
http://blog.coinbase.com/post/25677574019/coinbase-now-offers-two-factor-authentication |
|
Dreamhost |
“Multifactor Authentication is a way to increase the security of your account that requires you to enter additional one-time passcodes before you can gain access to your DreamHost account. It’s a smart move that can help to protect you from hackers and website hijackers.” |
http://wiki.dreamhost.com/Enabling_Multifactor_Authentication |
|
Dropbox |
“Two-step verification is an optional but highly recommended security feature that adds an extra layer of protection to your Dropbox account. Once enabled, Dropbox will require a six-digit security code in addition to your password whenever you sign in to Dropbox or link a new computer, phone, or tablet.” |
||
eBay |
|
Via PayPal |
|
Etsy |
“When you first joined Etsy, you entrusted us with the responsibility to protect the personal information necessary to set up an account, make a purchase, or open a shop. In turn, we ensure that each new feature we launch on Etsy lives up to our high standards of security and Internet privacy. We are happy to share that today we’re launching three new optional security settings that offer Etsy members further control and visibility into their accounts. Additionally, as our platform has evolved in the last year, we’ve revisited our policies and are making several changes to our Privacy Policy. I’ll walk you through both below.” |
||
Evernote |
“We take the security of your data very seriously. Several months ago, we introduced two-step verification along with several other security features. Today, we’re opening two-step verification up to everyone.” |
http://blog.evernote.com/blog/2013/10/04/two-step-verification-available-to-all-users/ |
|
|
“Facebook has always been committed to both protecting our users’ account and information, as well as giving them more control over their Facebook experience. From our User Operations team, who work to re-secure compromised accounts, to the Engineering team that designs and implements new security features like login notifications, one-time passwords, and remote session management, everyone at Facebook is working to ensure users have a safe, enjoyable experience.” |
||
Github |
“Two-factor authentication, or 2FA, is a way of logging into websites that requires more than just a password. Using a password to log into a website is susceptible to security threats, because it represents a single piece of information a malicious person needs to acquire. The added security that 2FA provides is requiring additional information to sign in. In GitHub’s case, this additional information is a code delivered to your cell phone, either as a text message (SMS) or generated by an application on your smartphone. After 2FA is enabled, GitHub generates a security code that is sent to your phone any time someone attempts to sign into your GitHub account. The only way someone can sign into your account is if they know both your password and have access to the security code on your phone.” |
https://help.github.com/articles/about-two-factor-authentication |
|
Gmail |
“2-Step Verification adds an extra layer of security to your Google Account, drastically reducing the chances of having the personal information in your account stolen. To break into an account with 2-Step Verification, bad guys would not only have to know your username and password, they’d also have to get a hold of your phone.” |
https://support.google.com/accounts/answer/185839?hl=en&topic=1056283&ctx=topic |
|
GoDaddy |
“Two-Step Authentication adds another layer of security to your account by texting you a validation code to enter whenever you log in or make important account changes.” |
http://support.godaddy.com/help/article/7502/enabling-twostep-authentication?pc_split_value=4 |
|
Google Apps |
“2-Step Verification adds an extra layer of security to your Google Account, drastically reducing the chances of having the personal information in your account stolen. To break into an account with 2-Step Verification, bad guys would not only have to know your username and password, they’d also have to get a hold of your phone.” |
||
Google+ |
“2-Step Verification adds an extra layer of security to your Google Account, drastically reducing the chances of having the personal information in your account stolen. To break into an account with 2-Step Verification, bad guys would not only have to know your username and password, they’d also have to get a hold of your phone.” |
https://support.google.com/accounts/answer/185839?hl=en&topic=1056283&ctx=topic |
|
Hootsuite |
“HootSuite’s 2-Step Verification security feature uses Google Authenticator (powered by Google) to enhance the protection of your HootSuite account. Google Authentication uses something your know (your password) and something you have (your mobile device). You will receive a short numeric code on your mobile device to enter in addition to your username and password. Each code has a one-time use, and a new code will regenerate every 30 seconds. Paired with HootSuite’s Location Verification System, your HootSuite account has added protection no matter where you are.” |
https://help.hootsuite.com/entries/22527304-Managing-Google-Authenticator |
|
HostGator |
HostGator does not support 2FA. |
N/a |
|
|
Instagram does not support 2FA. |
N/a |
|
Intuit TurboTax |
Intuit TurboTax does not support 2FA. |
N/a |
|
Joomla |
“Two Factor Authentication (TFA) is a 100% Open Source, free to use security system for your Joomla site’s backend. Two Factor Authentication works in collaboration with the Google’s famous Authenticator App.” |
http://extensions.joomla.org/extensions/access-a-security/site-security/login-protection/24822 |
|
|
“At LinkedIn, we are constantly looking for ways to improve the security of our members’ accounts. All LinkedIn accounts are already protected by a series of automatic checks that are designed to thwart unauthorized sign-in attempts. Now, we are introducing a new optional feature that adds another layer of security to your LinkedIn sign-in: two-step verification.” |
http://blog.linkedin.com/2013/05/31/protecting-your-linkedin-account-with-two-step-verification/ |
|
Mailchimp |
“AlterEgo is a MailChimp app designed to add two-factor authentication to your account. Integrating AlterEgo with MailChimp helps keep your data safe by providing an additional layer of security that must be breached before an attacker can access your account. Because we feel so strongly about security, we also offer a 10% discount for MailChimp accounts integrated with AlterEgo.” |
https://blog.mailchimp.com/alterego-now-works-with-google-authenticator-and-yubi-key/ |
|
PayPal |
“The PayPal Security Key creates random temporary security codes that help safeguard your PayPal account when you log in. It comes in 2 types, each with different advantages: Security key: You carry this small credit-card sized device with you. It creates a unique security code on the go. Mobile phone security key: You can sign up to get security codes sent by text message to your mobile phone.” |
||
|
Pinterest does not support 2FA. |
N/a |
|
Salesforce.com |
“Two Factor Authentications – is a system wherein two different methods are used to authenticate. Using two factors as opposed to one delivers a higher level of authentication assurance.” |
https://help.salesforce.com/HTViewSolution?id=000005464&language=en_US |
|
Secret |
Secret does not support 2FA. |
N/a |
|
Snapchat |
Snapchat does not support 2FA. |
N/a |
|
Soundcloud |
Soundcloud does not support 2FA. |
N/a |
|
StackOverflow |
StackOverflow does not support 2FA. |
N/a |
|
Steam |
“Steam Guard is an additional level of security that can be applied to your Steam account. The first level of security on your account is your login credentials: your Steam account name and password. With Steam Guard, a second level of security is applied to your account, making it harder for your Steam account to fall into the wrong hands.” |
https://support.steampowered.com/kb_article.php?ref=4020-ALZM-5519 |
|
SurveyMonkey |
SurveyMonkey does not support 2FA. |
N/a |
|
Target |
Target does not support 2FA. |
N/a |
|
Tumblr |
“TFA makes it especially difficult for anyone other than you (e.g., hackers, exes, et al) to access your Tumblr account. How? Well, aside from your regular login info, you’ll need a couple extra things to get to your Dashboard: Your phone (which you’ve password-protected, right?) A unique, single-use code (sent via text or generated by an authenticator app)” |
||
|
“Every day, a growing number of people log in to Twitter. Usually these login attempts come from the genuine account owners, but we occasionally hear from people whose accounts have been compromised by email phishing schemes or a breach of password data elsewhere on the web. Today we’re introducing a new security feature to better protect your Twitter account: login verification. This is a form of two-factor authentication. When you sign in to twitter.com, there’s a second check to make sure it’s really you. You’ll be asked to register a verified phone number and a confirmed email address.” |
https://blog.twitter.com/2013/getting-started-with-login-verification |
|
Wells Fargo |
WellsFargo does not support 2FA. |
N/a |
|
WordPress.com |
“The Google Authenticator plugin for WordPress gives you two-factor authentication using the Google Authenticator app for Android/iPhone/Blackberry. If you are security aware, you may already have the Google Authenticator app installed on your smartphone, using it for two-factor authentication on Gmail/Dropbox/Lastpass/Amazon etc. The two-factor authentication requirement can be enabled on a per-user basis. You could enable it for your administrator account, but log in as usual with less privileged accounts.” |
||
Yahoo |
“For Yahoo! checks not only the password when somebody-you, hopefully-attempts to log in to your account; it also looks at the location and computer whence the attempt is made. If one looks suspicious (say, a device you’ve never used before), Yahoo! Mail can require more than merely the password-if you have two-step authentication enabled.” |
||
YouTube |
“2-Step Verification adds an extra layer of security to your Google Account, drastically reducing the chances of having the personal information in your account stolen. To break into an account with 2-Step Verification, bad guys would not only have to know your username and password, they’d also have to get a hold of your phone.” |
https://support.google.com/accounts/answer/185839?hl=en&topic=1056283&ctx=topic |