I first switched on two-step verification for online banking and other cloud accounts two years ago, and while I can’t say I’ve slept better, I can say that any sleep deprivation has been a function of parenthood, work, or jet lag — not from worrying about somebody “pwning” my email.
With two-step verification, your password is no longer your account’s last line of defense. Instead, you verify your login with a second bit of information, usually temporary, that only you should have at hand.
That second bit can be a numeric passcode sent to you as a text message that expires after a brief period. It can be a number computed by an app on your phone while your mail service’s computers are generating the same number. It may be a request displayed in your copy of a service’s mobile app.
It can also be one of a set of backup codes you print out and stuff in another information-storage device you know how to keep safe: your wallet. Don’t forget to do that last step, lest you find yourself locked out of a site when you’re in an area with poor cell coverage and you can’t receive a text with a login code.
What can be less than obvious about two-step verification is how to turn it on. That’s because not every site makes it easy. Here’s a short list of banks, email services, social networks, and other sites that know how to perform the login two-step, along with instructions on how to do it:
• Ally Bank
• Bank of America
• Microsoft Outlook.com/Hotmail
• Apple iCloud
For a comprehensive list of sites offering this feature — as well as those working on it and those without announced plans to do so — see Josh