I’ve had two factor for gmail enabled for two years. This morning, I set up two factor for github. Due to Heartbleed (check if sites you use are affected), I checked who else permits two factor to revisit what I should turn on. Twitter has its own post because it didn’t go smoothly like the others did.
I had originally decided not to turn on two factor for sites that don’t provide an app as I prefer not to get texts. However, I notice they only text you when you log in from a new device. And I get enough junk texts by now that this is a rounding error.
Paypal
I have a paypal account but hardly use it. It was so secure that I didn’t even know my main password.
- Go to this page.
- Choose the option to use a mobile number (vs a $30 device)
- Enter your phone number
- Enter the code sent via a text to prove you control that phone number. Do so quickly. The code expires in 5 minutes.
Dropbox
Dropbox was similar to github. It uses Google Authenticator plus a backup phone code and backup text string. The only annoyance was that I had trouble scanning the QR code. I had to drag the browser to my second screen (which is larger so has better resolution.)
Dropbox didn’t make me re-connect my existing sessions. I left them alone because I don’t want to sync all that data again. Presumably two factor will protect me against anyone else using my login.
LinkedIn
- Go to the security page.
- Click Turn on for two factor
- Enter your phone number
- Enter the code sent via a text to prove you control that phone number
Yahoo mail
I hadn’t secured yahoo because I use it as my “backup” email provider. Why not though.
- Go to this page.
- Enter your phone number
- Enter the “six digit” code sent via a text to prove you control that phone number. (My “six digit” code was five digits. I guess they are counting invisible leading zeros.)
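One way a six-digit code can show up as five digits is a sender that formats the numeric value as an integer instead of a fixed-width string. The following is an added example, not part of the original post and not any of these sites' code: it implements RFC 4226 HOTP (the counter-based algorithm that the time-based codes in authenticator apps build on) using the RFC's published test secret. How Yahoo generates its SMS codes is not known, and `first_leading_zero_counter` and `verify` are hypothetical helper names.

```python
import hashlib
import hmac
import struct

# Test secret published in RFC 4226 Appendix D (not a real account secret).
RFC_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP, returned as a fixed-width, zero-padded string."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)  # padding keeps the width


def first_leading_zero_counter(secret: bytes, limit: int = 10000) -> int:
    """Find the first counter whose code starts with '0' (about 1 in 10 do)."""
    return next(c for c in range(limit) if hotp(secret, c).startswith("0"))


def verify(secret: bytes, counter: int, submitted: str, digits: int = 6) -> bool:
    """Check a typed code as a string, tolerating dropped leading zeros."""
    submitted = submitted.strip()
    if not (submitted.isascii() and submitted.isdigit()):
        return False
    if len(submitted) > digits:
        return False
    # Constant-time comparison of fixed-width strings, never of integers.
    return hmac.compare_digest(hotp(secret, counter, digits),
                               submitted.zfill(digits))


if __name__ == "__main__":
    c = first_leading_zero_counter(RFC_SECRET)
    code = hotp(RFC_SECRET, c)
    print("counter:", c)
    print("fixed-width code:", code)
    print("formatted as an integer:", int(code))  # shorter than six digits
    print("short form still verifies:", verify(RFC_SECRET, c, str(int(code))))
```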
A better list pointed out to me: http://evanhahn.com/2fa/
Another great list with twitter links to advocate: https://twofactorauth.org