Need help?

Chat with a Tech Pro or call us
at1-833-202-2695.

Special Offer: All students, parents, & educators get 50% off tech support for the entire school year. Select the Support - Annual plan and enter code “EdTech50” during checkout.

What is Two-Step Verification? (2FA, TFA, 2SV, MFA)

Authored by:
Support.com Tech Pro Team
This Guided Path® was written and reviewed by Support.com’s Tech Pro team. With decades of experience, our Tech Pros are passionate about making technology work for you. We love feedback! Let us know what you think about this Guided Path by rating it at the end.

Protecting our online accounts and identity on the Internet is as important as ever. They contain private information that could unleash havoc on our lives if leaked to criminals. Accounts that are tied to our banking can rack up thousands of dollars in fraudulent charges.

How can we truly protect our accounts? Computers aren't as smart as us so they sometimes don't make great gatekeepers. They use what little information they have about the user when deciding who to give access to the account. On some websites, this could be as little as a username and password.

This is where multi-factor authentication steps in. MFA goes by many other names such as two-step verification and two-factor authentication. It is an added layer of security that is more difficult to crack.

What is multi-factor verification and how does it work? Which online services offer MFA protections? What happens if I lose the phone I was using to verify? Which online services offer two-step verification? Find out here.

Understanding Single-Factor or One-Step Authentication

To understand two-factor authentication, it's best to understand how a computer handles authentication in the first place. This uses just your username and password.
Logging in with a password

Remember, for the most part, your computer is blind and deaf when it comes to knowing who you are. It can't see you and even if it could, it wouldn't recognize faces like people do. It can't hear your voice nor recognize it as yours like humans do. It needs to be told who you are.

Apple ID Username Prompt.

The first thing your computer or online account does is ask who you are. This is your username. A username can be an alias, phone number, but is typically an email address. This is considered by the computer to be common knowledge. In other words, it is shown to you directly, and the computer assumes other people will know your username. In many cases, this is your email address anyway, and that's how other people reach you!

Google User and Password Prompt.

Now that you've put in your username, the computer knows what account to look under. So it asks you to prove that you are that person. It asks for your password.

macOS Password Prompt.

It's a bit like a lock and key. Your account has a lock on it. When you put in your password, it's just like putting in the key to unlock your account.

But, there's a problem with keys. Keys can be easily copied if they're digital. A digital password is often just text. People can eavesdrop over your shoulder to see your password. They can guess it from knowing a little bit about you. They can get your password from another compromised account.

Just like in the real world; a lock and key system will keep honest people out. Dishonest people, though, have little-to-no qualms about bypassing a lock entirely, or even stealing a key. Given that your online accounts are exposed and made available to billions of people online, it's safe to assume a few of those people are dishonest.

When it comes to your most important online accounts, a lock and key may not be enough. This is where multi-factor authentication comes in.

Understanding Two-Step Verification

For your most important digital accounts, you want more than lock and key security. You'd rather have a security guard, or bouncer, checking everyone's ID as they come in and making sure they're who they say they are.
Two step verification

Two-factor authentication or verification provides that extra layer of security. Instead of a simple password, your computer or online service knows about a couple different things. It can verify that the person who signs in is, in fact, you using those different items.

In single-factor authentication, there's only the username and password. Everyone knows what your username is, so the only piece of 'secret' information is the password. In two-factor authentication there's a second step. This is usually verification through another type of communication like a smartphone. This lets your security make sure you are the one using that password.

An Example of How Two-Step Verification Works (Google)

  1. When logging into a Google account, the first thing asked for is your username. This is so the computer knows who is trying to sign in.
    Google User and Password Prompt.
  2. Next, it will ask for your password.
    Google Password Prompt.
  3. With Two-Factor turned on, it double-checks that attempt to log on.

    On Your Computer

    Your computer displays a notice, telling you an extra verification is on your phone.
    Google 2-Step Verification example.

    On Your Smartphone

    Your phone asks if you recognize and allow the login to continue.
    Phone prompt for two step verification

  4. Finally, you are allowed to sign on and use your Google Account.

Keep in mind that this is just one example of how two-factor authentication works with one service. Many different online accounts offer two-factor authentication, and their process for authentication may vary. Most services will make it very clear what the login requirements will be upon enabling two-factor authentication to prepare you for future login attempts.

Putting it All Together

Multi-Factor Authentication.

Now that you know how single-factor and two-factor work you've figured out multi-factor or two-step authentication. Multi-factor provides an extra check at the door of your account. Anyone who wanted access would need to know your username (this one is easy to find out), your password (this one is harder to get), and also have possession of your unlocked smartphone (this one is very, very difficult to get).

Setting Up Two-Factor

Now that you know more about two-factor or two-step verification you should set it up for your own accounts.

Turn On Two-Step Verification for Your Google Account

Set Up Two-Factor Authentication for Apple ID

Use Two-Factor on Your Microsoft Account

Social Media

Set Up Two-Factor Authentication on Your Facebook Account

Set Up Two-Factor Authentication for Twitter

Secure Your Zoom Account with Two-Factor

Shopping

Turn on Two-Factor for Your Amazon Account

Games

Use Two-Factor to Secure Your Twitch Account

Securing Your Blizzard Account

What to do When You Can't Verify

Have you tried to log into an account and your password doesn't work? If you don't have access to a verification device, or you lost your recovery key, there's only one other way to get access. You have to contact the company, prove who you are, and then they'll  reset it for you. This is normally done on a website, as most companies will not allow you to reset a password over the phone for security reasons.

Apple ID will recover your account after a waiting period. They suggest you try resetting your password and if that doesn't work you can try accessing your account and resetting the password using another trusted device. You can even attempt to reset it using a friend or family member's device. If you've lost your recovery key and are unable to verify your account you'll have to visit https://iforgot.apple.com/.

Like Apple, there's no way to call Google and tell them you lost your account. You'll need to go online to Google's recovery site and answer their questions. Answer as many questions as you can, use a familiar device or browser, and be exact.

Your accounts will try to avoid you ever needing to do this, however. Most of them will give you a recovery key and suggest you print it out and keep it in a safe place.

We're here to help!

chat
Connect to a Tech Pro

Call or chat with a Tech Pro 24/7.

Protecting our online accounts and identity on the Internet is as important as ever. They contain private information that could unleash havoc on our lives if leaked to criminals. Accounts that are tied to our banking can rack up thousands of dollars in fraudulent charges.

How can we truly protect our accounts? Computers aren't as smart as us so they sometimes don't make great gatekeepers. They use what little information they have about the user when deciding who to give access to the account. On some websites, this could be as little as a username and password.

This is where multi-factor authentication steps in. MFA goes by many other names such as two-step verification and two-factor authentication. It is an added layer of security that is more difficult to crack.

What is multi-factor verification and how does it work? Which online services offer MFA protections? What happens if I lose the phone I was using to verify? Which online services offer two-step verification? Find out here.

Understanding Single-Factor or One-Step Authentication

To understand two-factor authentication, it's best to understand how a computer handles authentication in the first place. This uses just your username and password.
Logging in with a password

Remember, for the most part, your computer is blind and deaf when it comes to knowing who you are. It can't see you and even if it could, it wouldn't recognize faces like people do. It can't hear your voice nor recognize it as yours like humans do. It needs to be told who you are.

Apple ID Username Prompt.

The first thing your computer or online account does is ask who you are. This is your username. A username can be an alias, phone number, but is typically an email address. This is considered by the computer to be common knowledge. In other words, it is shown to you directly, and the computer assumes other people will know your username. In many cases, this is your email address anyway, and that's how other people reach you!

Google User and Password Prompt.

Now that you've put in your username, the computer knows what account to look under. So it asks you to prove that you are that person. It asks for your password.

macOS Password Prompt.

It's a bit like a lock and key. Your account has a lock on it. When you put in your password, it's just like putting in the key to unlock your account.

But, there's a problem with keys. Keys can be easily copied if they're digital. A digital password is often just text. People can eavesdrop over your shoulder to see your password. They can guess it from knowing a little bit about you. They can get your password from another compromised account.

Just like in the real world; a lock and key system will keep honest people out. Dishonest people, though, have little-to-no qualms about bypassing a lock entirely, or even stealing a key. Given that your online accounts are exposed and made available to billions of people online, it's safe to assume a few of those people are dishonest.

When it comes to your most important online accounts, a lock and key may not be enough. This is where multi-factor authentication comes in.

Understanding Two-Step Verification

For your most important digital accounts, you want more than lock and key security. You'd rather have a security guard, or bouncer, checking everyone's ID as they come in and making sure they're who they say they are.
Two step verification

Two-factor authentication or verification provides that extra layer of security. Instead of a simple password, your computer or online service knows about a couple different things. It can verify that the person who signs in is, in fact, you using those different items.

In single-factor authentication, there's only the username and password. Everyone knows what your username is, so the only piece of 'secret' information is the password. In two-factor authentication there's a second step. This is usually verification through another type of communication like a smartphone. This lets your security make sure you are the one using that password.

An Example of How Two-Step Verification Works (Google)

  1. When logging into a Google account, the first thing asked for is your username. This is so the computer knows who is trying to sign in.
    Google User and Password Prompt.
  2. Next, it will ask for your password.
    Google Password Prompt.
  3. With Two-Factor turned on, it double-checks that attempt to log on.

    On Your Computer

    Your computer displays a notice, telling you an extra verification is on your phone.
    Google 2-Step Verification example.

    On Your Smartphone

    Your phone asks if you recognize and allow the login to continue.
    Phone prompt for two step verification

  4. Finally, you are allowed to sign on and use your Google Account.

Keep in mind that this is just one example of how two-factor authentication works with one service. Many different online accounts offer two-factor authentication, and their process for authentication may vary. Most services will make it very clear what the login requirements will be upon enabling two-factor authentication to prepare you for future login attempts.

Putting it All Together

Multi-Factor Authentication.

Now that you know how single-factor and two-factor work you've figured out multi-factor or two-step authentication. Multi-factor provides an extra check at the door of your account. Anyone who wanted access would need to know your username (this one is easy to find out), your password (this one is harder to get), and also have possession of your unlocked smartphone (this one is very, very difficult to get).

Setting Up Two-Factor

Now that you know more about two-factor or two-step verification you should set it up for your own accounts.

Turn On Two-Step Verification for Your Google Account

Set Up Two-Factor Authentication for Apple ID

Use Two-Factor on Your Microsoft Account

Social Media

Set Up Two-Factor Authentication on Your Facebook Account

Set Up Two-Factor Authentication for Twitter

Secure Your Zoom Account with Two-Factor

Shopping

Turn on Two-Factor for Your Amazon Account

Games

Use Two-Factor to Secure Your Twitch Account

Securing Your Blizzard Account

What to do When You Can't Verify

Have you tried to log into an account and your password doesn't work? If you don't have access to a verification device, or you lost your recovery key, there's only one other way to get access. You have to contact the company, prove who you are, and then they'll  reset it for you. This is normally done on a website, as most companies will not allow you to reset a password over the phone for security reasons.

Apple ID will recover your account after a waiting period. They suggest you try resetting your password and if that doesn't work you can try accessing your account and resetting the password using another trusted device. You can even attempt to reset it using a friend or family member's device. If you've lost your recovery key and are unable to verify your account you'll have to visit https://iforgot.apple.com/.

Like Apple, there's no way to call Google and tell them you lost your account. You'll need to go online to Google's recovery site and answer their questions. Answer as many questions as you can, use a familiar device or browser, and be exact.

Your accounts will try to avoid you ever needing to do this, however. Most of them will give you a recovery key and suggest you print it out and keep it in a safe place.