Turn on 2FA before it’s too late

Two-factor authentication (“2FA”) is intended as another layer of security to your online accounts, so if your password is hacked, your account can’t be accessed without a special code. While I clearly understand the value, I’ve been lazy about enabling on various services since… it’s a hassle. I’ve only enabled it when I’ve been required by an external force. This reactive strategy isn’t even a strategy; it’s just a bad idea.

This morning, I went through all the services I’m using and was impressed how many services had 2FA enabled and, more importantly, how trivial it was to enable. Here’s the list. Turn on 2FA now.

Two Factor Auth List is a comprehensive online resource that documents two-factor authentication for the bajillion sites I didn’t list above.

Leave a Reply

Your email address will not be published. Required fields are marked *

10 Responses

  1. Kenton 5 months ago

    How hard is it to get 2FA working at my mid-size business? Sick of having to change passwords every 6 months but I can’t find a reliable 2FA vendor.

  2. Eugene 5 months ago

    Hey Kenton, check out Auth0 if you want to add 2FA/MFA to your apps.


    We also have our own MFA app, similar to Duo or Google Authenticator.


  3. The link for Dropbox points to Microsoft

  4. I agree, but only for a couple very important sites. You should have it on for email and whatever administers your domain (google, etc). Banks that hold your money, yes – probably not worth it for banks where you only have credit cards. The rest? No, unless you actually get income from them. Do you really care of your Instagram account gets hacked?

  5. Benjamin 5 months ago

    Instagram doesn’t seem to support it anymore, unfortunately. The steps under the “Instagram” link reference a button I don’t see (at least in the iOS app), and the big list marks Instagram as not supporting 2FA.

    • rands 5 months ago

      Just walked through the steps on iOS and confirmed it’s enabled + working.

  6. Samuel Latchman 4 months ago

    First, thanks a lot for this post! It finally pushed me to take the plunge!

    I’m presently updating all my accounts, but no 2FA on Instagram for me either. Looks like they’re not done with their test roll-out, where only select users can activate the setting.

  7. Too bad that many of these services require a phone number to enable 2FA for you. Even though it could be done with only authenticator apps. By requiring your phone number they make sure they can track you, they can deny you opening multiple accounts, and they (or whoever gets access to their data) can cross-reference you with other services.

    Services like Dropbox, Slack or Github let you use just an auth app. Services like Yahoo, Google, Amazon, Facebook or LinkedIn demand a phone number. Surprise surprise, I see a pattern. And for some of these services I’d rather take my chances being hacked (which means using them less, and in less-meaningful ways), rather than give them my phone number.