Why to Set Up Two-Factor Authentication Everywhere You Can – Here’s Where

2-factor authentication
  • Why to Set Up Two-Factor Authentication Everywhere You Can – Here’s Where


Here is why you must set up two-factor authentication (also called 2-step verification) wherever you can. Many places now offer it, including Facebook (called “Facebook login approvals”), Paypal (“Paypal Security Key”), Twitter, and, of course, Gmail (Google).

You may recently have read the story of how Naoki Hiroshima lost their Twitter account, valued at $50,000, to a hacker. Basically the hacker managed to get into and redirect Hiroshima’s email domain, allowing the hacker to do password resets on some of Hiroshima’s accounts, and intercept the password reset emails.

[Read Naoki Hiroshima’s “How I lost my $50,000 Twitter username”]

The hacker first tried hacking into Hiroshima’s Paypal account, which didn’t work, because they were stymied by Paypal’s two-factor authentication. (Unfortunately, the hacker then simply called Paypal, and through some social engineering got a Paypal employee to give the the last four digits of Hiroshima’s credit card on file, which in turn the hacker used to convince GoDaddy that they were Hiroshima.)

Get notified of new Internet Patrol articles for free!

Anyway, all of this serves to highlight this: You should have two-factor authentication set up with every account that offers it. And, if you are using a service that doesn’t offer it, you should request that they do. Maybe even threaten to switch to another, similar service that offers it – in fact, maybe actually switch to another service that offers it.

(Two-factor authentication is basically having two passwords, the second one of which is randomly generated, and is good for only a few minutes, and is delivered to you through a device, an app, or an SMS text message.)

Whenever possible you should set it up as an SMS text message direct to your mobile phone.

Twitter SMS verification

Here’s why: Some places (such as Paypal) offer you a separate device with which to generate a special one-time code, like a keyfob or credit-card sized “security key”. Other places, such as Google, offer you a standalone app that will generate a special one-time code for you. But (nearly) all places offer the option of having the random code for your 2-factor authentication delivered to you by SMS text message.

Paypal’s Security Key Options
paypal two-factor authentication

Now. Imagine you use the security key offered by Paypal. And imagine that you lose your wallet in which you keep the security key. Suddenly you are locked out of your Paypal account.

Similarly, imagine that you use the Google authentication app on your phone. And you lose your phone. Even if your phone doesn’t fall into the wrong hands, you have no way of accessing your Google account, because you can’t get the code from the app.

But, if you instead have set up all of your two-factor authentications to come to your cell phone as text messages, and if you lose your phone, it’s a simple matter of having your phone carrier (i.e. AT&T, Verizon, T-Mobile, etc.) turn off the SIM card in your lost phone, and reactivate it in a replacement phone. You will have the same phone number, and your two-factor authentication texts will still come right to you.

All that said, here is a list of the more popular services and social media of which we are aware that offer 2-factor authentication. To the best of our knowledge, they all also offer the code-by-SMS-text-message option, unless otherwise noted. If you run into any that don’t, or if you know of other services that offer 2-factor authentication, please feel free to add them in a comment!

Google 2-step verification

Facebook two-step authentication (called “login approvals”)

Twitter two-step authentication.

Paypal two-step authentication (called “security key”)

LinkedIn two-step verification

GoDaddy two-factor authentication

Yahoo two-factor authentication

Microsoft/Live two-factor authentication

Apple two-step authentication

WordPress.com two-factor authentication

Amazon Web Services (AWS) two-factor authentication

Dropbox two-factor authentication

Evernote two-factor authentication

Lastpass – unfortunately Lastpass doesn’t offer an SMS option, you have to use the Google authenticator app.

For a more comprehensive list of websites and services that offer two-factor authentication, incuding financial services such as CitiBank, Bank of America, and Charles Schwab, see Evan Hahn’s Two-Factor Auth List.


For a list of domain registrars that offer two-factor authentication, see Elliot Silver’s List of Domain Registrars that Offer Two-Factor Authentication over at DomainInvesting.com.

No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free? Thank you!

Why to Set Up Two-Factor Authentication Everywhere You Can – Here’s Where

Get notified of new Internet Patrol articles!
  • Why to Set Up Two-Factor Authentication Everywhere You Can – Here’s Where
Why to Set Up Two-Factor Authentication Everywhere You Can - Here's Where
Article Name
Why to Set Up Two-Factor Authentication Everywhere You Can - Here's Where
Here's why you must set up two-factor authentication (a/k/a 2-step verification or 2fa) wherever you can, including a list of many places that offer it.

Leave a Reply

Your email address will not be published. Required fields are marked *