Adding multi-factor authentication to personal accounts

Overview

This article outlines the steps to set up multi-factor authentication (MFA) or two-step (or two-factor) authentication (2FA), to the most common service providers.

What is MFA?

MFA requires users to provide two or more factors of evidence to access electronic resources. Most 2FA requires an additional password (something the user knows) or a passcode (something the user has) as a second form of providing evidence.

Steps to multi-factor authentication: password, proof, then access

Using MFA decreases the risk of third-party hackers from successfully logging into your accounts and stealing personally identifiable information (PII). PII includes Social Security numbers, bank account numbers, home addresses, and many more forms of intimate information. The more services you enable MFA for, the more protected your personal information is. 

Adding MFA to email accounts is a high priority for preventing hackers from accessing other accounts and sensitive information through use of access account recovery information sent through email. MFA can and should be used for other services. Gmail, Microsoft, Google, Facebook, financial instututions, and many other services offer MFA for their users. 

MFA at UO is called Two-Step Login

The University of Oregon requires faculty, staff, and students to sign-up for Duo Mobile, an electronic authentication to access university email accounts and online resources. Duo users follow the two-factor authentication scheme by confirming their identity through the use of a secondary devices. These secondary devices can either be phones (either smart or non-smart), tablets, or other tokens issued by Information Services.

For more information on the university's implementation of Duo, please see the article Getting Started With Two-Step Login (Duo).

MFA with common service providers

Here are examples of how to set up MFA for your accounts in several commonly used service providers:

Amazon

After signing into your Amazon account on a desktop browser, click on Your Account. Under Login & Security, click Edit on the right-side of Two-Step Verification settings. Continue the requested steps prompted on the screen. 

Advanced Security Settings screen with Two-Step Verification highlighted

Apple

After signing into your Apple account under Manage Your Apple ID, click on Security and again on Two-Factor Authentication. The steps for iOS and macOS look slightly different.

  • For iOS, start with Settings > Password & Security > Turn on Two-Factor Authentication.
  • For macOS, start by clicking on System Preferences > iCloud > Account Details > Security > Turn on Two-Factor Authentication.

iOS/iPadOS 2FA prompts

Facebook

On the desktop, go to Settings > Security and Login. Under Two-Factor Authenticationclick Edit. If you select an authenticator app, Facebook will produce a QR code on the desktop screen. Open your authenticator app on your smartphone, select add, and hold your smartphone up to capture the code. The next time you sign into Facebook and it requests your six-digit code, open the authenticator app to retrieve it.

Facebook 2FA: Get Started, choose method, 2FA is on.

Google

After signing into your Google Account, select Security. Under Getting Started, you will be guided through the steps of securing MFA.

After signing in, you will be directed to sign in to your Google Account, you'll need your password and a verification code to log in. 

Google prompt for enabling MFA

Instagram

On the desktop or through the mobile application, tap Settings > Security > Two-Factor Authentication.

  1. Option one: turn on Text Message and add your phone number.
  2. Option two: turn on the Authentication app option to receive a key to enter into an authenticator app like Duo Mobile.

Instagram 2FA (decorative image)

LinkedIn

Go to the Me menu > Settings & Privacy > Account > Two-step verification to activate. You'll receive get a six-digit code you have to enter to verify.

LinkedIn two-step verification page

Microsoft

After signing into your Microsoft account, click on Security > More Security Options. Click on the second option, Two-step Verification. Enter the Set up an identity verification portion and follow the prompts on the screen. Microsoft will then prompt you to download the Microsoft authentication app. Download the application or select Other and use Duo Mobile or Google prompt.

Set up two-step verification (from Microsoft)

Twitter

Log in to Twitter on desktop or mobile, tap Settings and privacy > Security and account access > Security > Two-factor authentication

Twitter Account Settings, Security, Two-factor authentication

Yahoo

After signing into your Yahoo account, select Manage Accounts in the top-right of the screen and click on Account Info. Under Account Security, you will find Two-Step verification. Third-party authenticator apps cannot be used which requires users to use Yahoo Account Key

Yahoo 2FA Account Key

Other security tips

  1. Use strong passwords.
  2. Do not repeat passwords for every account.
  3. Make your accounts private. Be selective with friend requests.
  4. Don't post or reveal personally identifiable information
Create a Ticket Print Article

Related Articles (7)

Deciding which devices to register with Duo
A guide to all the ways to complete a two-step login.
Duck ID Password Requirements
This article contains information about UO's password requirements, and tips to creating a strong password.
Getting Started with Two-Step Login (Duo)
This page provides instructions for getting started with Duo, UO's two-step login service.
Home Computing Security Guidelines
This article provides a high-level overview of securing home networks with links to specific articles.
Privacy Matters: Protect Before You Connect
Information of how to protect your information from hackers and identity thieves.
Two-Step Login (Duo) FAQ
This page provides answers to frequently asked questions about two-step login (Duo).
Using Two-Step Login with Cisco AnyConnect VPN
Instructions for two-step login with Cisco AnyConnect VPN Secure Client.

Related Services / Offerings (1)

Two-Step Login (Duo) Support
Two-step login provides a second layer of security to any type of login, requiring extra information or a physical device in addition to the user's password.