A Cheat Sheet for Securing Your Accounts with Two-Step Verification

I first switched on two-step verification for online banking and other cloud accounts two years ago, and while I can’t say I’ve slept better, I can say that any sleep deprivation has been a function of parenthood, work, or jet lag — not from worrying about somebody “pwning” my email.

(Thinkstock)

With two-step verification, your password is no longer your account’s last line of defense. Instead, you verify your login with a second bit of information, usually temporary, that only you should have at hand.

That second bit can be a numeric passcode sent to you as a text message that expires after a brief period. It can be a number computed by an app on your phone while your mail service’s computers are generating the same number. It may be a request displayed in your copy of a service’s mobile app.

It can also be one of a set of backup codes you print out and stuff in another information-storage device you know how to keep safe: your wallet. Don’t forget to do that last step, lest you find yourself locked out of a site when you’re in an area with poor cell coverage and you can’t receive a text with a login code.

What can be less than obvious about two-step verification is how to turn it on. That’s because not every site makes it easy. Here’s a short list of banks, email services, social networks, and other sites that know how to perform the login two-step, along with instructions on how to do it:

• Ally Bank

• Bank of America

• Chase

• Yahoo

• Gmail

• Microsoft Outlook.com/Hotmail

• Apple iCloud

• Facebook

• Twitter

• Dropbox

• WordPress

For a comprehensive list of sites offering this feature — as well as those working on it and those without announced plans to do so — see Josh Davis’s directory here.

Email Rob at rob@robpegoraro.com; follow him on Twitter at @robpegoraro.