How to Set Up 2FA on Your Most Important Accounts (2026)
Affiliate disclosure: This article contains affiliate links. If you click a link and make a purchase, we may earn a commission at no extra cost to you. Our editorial recommendations are never influenced by commissions — read our full disclosure policy.
Why You Need 2FA on Every Important Account
If there is one security action you take after reading this guide, it should be enabling two-factor authentication on your email. Your email is the skeleton key to your entire digital life — password resets, account recovery, financial notifications, and personal communications all flow through it. If someone gains access to your email, they can reset the password on virtually every other account you own.
Two-factor authentication (2FA) prevents this by requiring a second verification step beyond your password. Even if your password is stolen in a data breach, phishing attack, or credential stuffing attack, the attacker cannot access your account without your second factor.
For a detailed explanation of how 2FA works and the different types available, read our comprehensive 2FA guide. This tutorial is focused purely on the practical steps — how to enable 2FA on the accounts that matter most.
What You Need Before You Start
Before enabling 2FA, set up one of these authenticator apps on your phone:
NordPass
Zero-knowledge password manager with breach scanner built in.
Try NordPass →
Sponsored · We may earn a commission
- NordPass — our recommendation if you want a password manager and authenticator in one app. NordPass stores your 2FA codes alongside your passwords, synced across all devices.
- Google Authenticator — free, simple, and works with virtually every service
- Authy — best for multi-device sync if you want codes on your phone and computer
How to Set Up 2FA on Google (Gmail, YouTube, Google Drive)
Google accounts are high-value targets because they typically control your Gmail, Google Drive, YouTube, Google Photos, and any Android devices linked to the account.
Step 1: Open Google Account Security
Go to myaccount.google.com and sign in. Click on "Security" in the left sidebar.
Step 2: Find 2-Step Verification
Scroll down to "How you sign in to Google" and click "2-Step Verification." Click "Get Started."
Step 3: Verify Your Identity
Google will ask you to enter your password again to confirm your identity.
Surfshark VPN
Military-grade encryption. No-logs policy. From $2.49/month.
Get Surfshark →
Sponsored · We may earn a commission
Step 4: Set Up Authenticator App
Google may first suggest using Google prompts (push notifications). While these work, we recommend setting up an authenticator app for broader compatibility. Click "Authenticator app" and then "Set up."
Step 5: Scan the QR Code
Open your authenticator app (NordPass, Google Authenticator, or Authy) and scan the QR code displayed on screen. The app will generate a 6-digit code that changes every 30 seconds.
Step 6: Enter the Code
Enter the current 6-digit code from your authenticator app to verify the setup. Click "Verify."
Step 7: Save Backup Codes
Google will provide a set of 10 backup codes. Each code can be used once if you lose access to your authenticator app. Save these in your password manager or print them and store them securely. Do not skip this step — backup codes are your emergency access method.
Step 8: Done
2FA is now active on your Google account. You will need your authenticator code every time you sign in on a new device.
How to Set Up 2FA on Apple ID (iCloud, App Store, iMessage)
Your Apple ID controls iCloud, the App Store, iMessage, FaceTime, Find My iPhone, and Apple Pay. Losing this account can be devastating.
Step 1: Open Settings on Your iPhone
Go to Settings and tap your name at the top of the screen to open Apple ID settings.
Step 2: Open Password & Security
Tap "Sign-In & Security" (on iOS 17 and later) or "Password & Security" (on older versions).
Step 3: Turn On Two-Factor Authentication
Tap "Turn On Two-Factor Authentication" and follow the prompts. If you already see "Two-Factor Authentication: On," your account is already protected.
Step 4: Verify Your Phone Number
Apple uses your phone number as a backup verification method. Enter your phone number and choose whether to receive verification codes by text message or phone call.
Step 5: Enter the Verification Code
Apple will send a code to your phone. Enter it to confirm setup.
Important Notes About Apple 2FA
Apple's 2FA system is tightly integrated with their devices. When you sign in on a new device, a notification appears on your trusted devices with a verification code and a map showing the location of the sign-in attempt. This is very user-friendly but does not support standard authenticator apps. You must have a trusted Apple device to receive codes.
If you only have one Apple device, add a trusted phone number as a backup. Go to Settings, then your name, then Sign-In & Security, then add a trusted phone number.
How to Set Up 2FA on Banking Apps
Banking security varies significantly by institution, but most major banks now support 2FA. Here is the general process:
Step 1: Log In to Your Banking App or Website
Open your bank's app or website and sign in.
Step 2: Find Security Settings
Navigate to Settings, then Security or Privacy. Look for "Two-Factor Authentication," "Two-Step Verification," or "Multi-Factor Authentication."
Step 3: Choose Your Method
Banks typically offer several options:
- Authenticator app — the best choice when available
- SMS verification — common but less secure (still better than nothing)
- Bank-specific app — some banks like BankID (Norway) have their own authentication systems
- Hardware token — some banks provide physical code generators
Step 4: Complete Setup
Follow the bank-specific instructions. If using an authenticator app, scan the QR code and verify with a generated code. If using SMS, verify your phone number.
Banking-Specific Notes
Norwegian Banks (DNB, Nordea, SpareBank 1): Norwegian banks use BankID, which is a form of strong authentication built into the banking system. If you use BankID, your bank accounts already have strong 2FA. Ensure your BankID is kept updated and your phone is secured.
US Banks: Most major US banks (Chase, Bank of America, Wells Fargo) support authenticator apps. If your bank only offers SMS, enable it — weak 2FA is better than no 2FA.
European Banks (Revolut, N26, Wise): Digital banks generally have strong 2FA built in, often using biometrics (fingerprint, face recognition) combined with device verification.
How to Set Up 2FA on Social Media
Facebook / Meta
- Open Facebook and go to Settings & Privacy, then Settings
- Click Security and Login
- Find "Two-Factor Authentication" and click Edit
- Choose "Authentication App"
- Scan the QR code with your authenticator app
- Enter the verification code
- Save your recovery codes
- Open Instagram and go to Settings, then Accounts Center
- Tap Password and Security
- Tap Two-Factor Authentication
- Choose your account
- Select "Authentication App"
- Scan the QR code or enter the key manually
- Enter the verification code
X (Twitter)
- Open X and go to Settings and Support, then Settings and Privacy
- Tap Security and Account Access, then Security
- Tap Two-Factor Authentication
- Toggle "Authentication App" on
- Scan the QR code
- Enter the verification code
- Save the backup code provided
- Go to Settings & Privacy
- Click Sign in & Security
- Click Two-Step Verification
- Click Turn On
- Choose "Authenticator App"
- Scan the QR code and enter the verification code
TikTok
- Open TikTok and go to Profile, then the menu icon
- Tap Settings and Privacy
- Tap Security
- Tap 2-Step Verification
- Choose "Authenticator App"
- Follow the on-screen instructions to scan the QR code
How to Set Up 2FA on Email Services
Microsoft Outlook / Office 365
- Go to account.microsoft.com and sign in
- Click Security, then Advanced Security Options
- Under Two-Step Verification, click Turn On
- Follow the setup wizard
- Choose "Authenticator app" and scan the QR code with your app
- Microsoft will also ask you to set up a recovery email or phone number
ProtonMail
- Log in to ProtonMail and go to Settings
- Click Security
- Click "Enable Two-Factor Authentication"
- Scan the QR code with your authenticator app
- Enter the verification code
- Save the recovery codes provided — ProtonMail emphasizes that losing these codes with 2FA enabled can permanently lock you out
How to Set Up 2FA on Cloud Storage
Dropbox
- Sign in to dropbox.com
- Click your profile icon, then Settings
- Go to the Security tab
- Under Two-Step Verification, click Enable
- Choose "Use a mobile app"
- Scan the QR code and enter the verification code
iCloud
iCloud uses Apple ID 2FA — see the Apple ID section above. If you have Apple ID 2FA enabled, iCloud is automatically protected.
Google Drive
Google Drive uses Google account 2FA — see the Google section above. Enabling 2FA on your Google account protects all Google services including Drive.
How to Set Up 2FA on Password Managers
This is critical. Your password manager contains the keys to every other account. It must be the most secure account you have.
NordPass
- Log in to your NordPass account at nordpass.com
- Go to Settings, then Security
- Enable Two-Factor Authentication
- Choose "Authenticator App"
- Scan the QR code with a separate authenticator (use Google Authenticator for this, since NordPass itself is being secured)
- Enter the verification code
- Save the backup codes
1Password
- Sign in to 1password.com
- Go to My Profile, then More Actions
- Click "Manage Two-Factor Authentication"
- Click "Turn On"
- Scan the QR code with your authenticator app
- Enter the verification code
Post-Setup Checklist
After enabling 2FA on all your accounts, verify:
- [ ] Backup codes are saved for every account (in your password manager or a secure physical location)
- [ ] Your authenticator app is backed up (Authy and NordPass sync to the cloud; Google Authenticator requires manual backup export)
- [ ] You have a trusted phone number as a secondary recovery method
- [ ] Your email account has 2FA enabled (this is the most critical account)
- [ ] Your password manager has 2FA enabled with a separate authenticator
Frequently Asked Questions
What if I get a new phone?
If you use NordPass or Authy, your 2FA codes sync to the cloud and will be available when you log in on your new phone. If you use Google Authenticator, you need to export your accounts before switching phones (Google Authenticator > Settings > Export accounts). Alternatively, use your saved backup codes to re-enable 2FA on each account with your new device.
I lost my phone and did not save backup codes. What do I do?
This is the worst-case scenario. Contact each service's support team and verify your identity through alternative means. This process varies by service and can take days or weeks. This is why saving backup codes is so important.
Is it safe to use SMS 2FA if my bank does not support authenticator apps?
Yes. SMS 2FA is weaker than authenticator app 2FA, but it is significantly stronger than no 2FA. Enable it. Consider adding a SIM PIN to your mobile account to reduce SIM swapping risk.
Do I need to enter a 2FA code every time I log in?
Most services offer a "trust this device" option that remembers your device for 30 to 90 days. You will only need to enter a 2FA code when logging in from a new device or after the trust period expires.
Can I use the same authenticator app for all my accounts?
Yes. A single authenticator app can handle dozens or hundreds of accounts. NordPass, Google Authenticator, and Authy all support unlimited account entries. The only exception is your password manager itself — use a separate authenticator for that to avoid a circular dependency.
What is the best authenticator app for beginners?
Google Authenticator is the simplest. NordPass is the best all-in-one solution if you also need a password manager. For a detailed comparison, see our 2FA guide.
The Bottom Line
You can enable 2FA on all your most important accounts in under 30 minutes. This single action blocks the majority of account takeover attempts. Do it today — not tomorrow, not next week. Today.
Start with your email, then your bank, then your password manager, then social media. Save your backup codes. You are done.
For broader identity protection beyond 2FA, see our identity theft protection guide.
Written by Oyvind — NorwegianSpark SA. We test everything we recommend. Affiliate links are disclosed.
Reviewed by Øyvind — NorwegianSpark · Last updated: 24 April 2026