Setting Up Two-Factor Authentication (2FA)
Introduction / Why It's Needed
Two-factor authentication (2FA) is an additional security layer for your online accounts. Even if an attacker steals your password, they cannot log in without the second factor (a temporary code from an app or SMS). This guide describes the universal process of setting up 2FA via an authenticator app (TOTP method), which is the most reliable and is supported by the vast majority of services (Google, Microsoft, Facebook, Dropbox, GitHub, etc.).
After completing this guide, you will:
- Protect your accounts from hacking if your password is leaked.
- Learn how to use an authenticator app.
- Understand how to work with backup codes.
Requirements / Preparation
Before you begin, ensure you have:
- A smartphone running Android (version 10 or higher) or iOS (version 14 or higher).
- Stable internet on both your phone and computer for the initial setup.
- Access to the account you want to protect (login and password).
- An installed authenticator app. Recommended options:
  - Google Authenticator (simple, no cloud synchronization).
  - Microsoft Authenticator (with cloud synchronization between devices).
  - Authy (multi-platform, with encrypted cloud backup).
⚠️ Important: Do not use the same phone for 2FA that you use for receiving SMS codes. If one device is lost or stolen, you will lose both factors.
Step-by-Step Guide
Step 1: Install and Initially Set Up the App
- Open the App Store (iOS) or Google Play (Android).
- Find and install your chosen app (e.g., Google Authenticator).
- Launch the app. On first launch, you may be asked to:
  - Grant permission to use the camera (for scanning QR codes).
  - Set up biometric access (fingerprint or Face ID) — highly recommended to protect access to the 2FA codes themselves.
- Tap "Start" or the "+" (plus) sign to add a new account.
Step 2: Link the App to the Online Service
- On your computer, open a browser and log in to the account of the service you want to protect (e.g., your Google account).
- Go to Account Settings (usually a profile icon → "Manage account" or "Settings").
- Find the Security or Sign-in & security section.
- Locate the Two-factor authentication (2FA), 2-step verification, or Authenticator app option.
- Tap "Start" or "Enable". The system will prompt you to choose a method. Select "Authenticator app" or TOTP (Time-based One-time Password).
Step 3: Scan the QR Code or Manual Entry
On the next screen, you will see:
- A QR code (a square of black-and-white pixels).
- A secret key (a sequence of letters and numbers, e.g., JBSWY3DPEHPK3PXP).
Option A (Recommended): Scan the QR Code
- In your authenticator app, tap "Scan QR code".
- Point your phone's camera at the QR code on your computer screen.
- The app will automatically add the new account and start generating a 6-digit code that refreshes every 30 seconds.
Option B: Manual Entry (if the camera doesn't work)
- In your authenticator app, choose "Enter key manually" or "Manual entry".
- In the "Account name" field, enter something like your_email@gmail.com.
- In the "Key" field, enter the secret key from the website.
- Select the key type as Time-based and tap "Done".
Step 4: Confirm Activation on the Website
- After adding the account in the app, you will see the first 6-digit code (it may appear immediately or after a few seconds).
- Do not close the QR code window on the website!
- Enter the displayed code from your app into the corresponding field on the website.
- Tap "Verify" or "Confirm".
- If the code is correct, the site will indicate successful 2FA activation.
Step 5: Save Backup Codes
This is the most important step in case you lose your phone.
- After activating 2FA, the site will usually offer to download or display 10 one-time backup codes.
- Copy them and save them in a secure location separate from your phone:
  - Print them and keep them in a safe.
  - Save them in a password manager (e.g., Bitwarden, KeePass).
  - Write them down on paper and hide them.
- Each backup code can be used only once to log in if you don't have access to your primary authenticator app.
Verifying the Result
To ensure 2FA is working:
- Log out of your account on all devices (click the "Sign out" button).
- Try to log in again by entering your username and password.
- After entering the correct password, the system will request a 6-digit code.
- Open your authenticator app and enter the current code.
- If login is successful — 2FA is set up correctly.
💡 Tip: After a successful check, do not close the session on your main device (e.g., laptop) until you confirm the backup codes work. Try logging in with one of them on a different device.
Potential Issues
"Invalid code" during confirmation
- Cause: The time on your phone is out of sync with the server.
- Solution: Ensure your phone has the "Automatic date & time" option enabled (Settings → System → Date & time). Restart the authenticator app.
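How the 6-digit codes from Step 3 are derived from the secret key, and why a wrong phone clock leads to "Invalid code", shown as an added example (not code from this guide or from any service it names). It assumes the RFC 6238 defaults (HMAC-SHA1, 30-second step, 6 digits) and a server that tolerates one window of drift; `verify`, `simulate_login` and the server time are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

SECRET = "JBSWY3DPEHPK3PXP"  # the sample key shown in Step 3 of this guide
STEP = 30                     # seconds each code is valid for
DIGITS = 6


def totp(secret_b32: str, unix_time: float, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP using HMAC-SHA1 (the RFC default)."""
    # Manual entry often contains spaces or lower case; Base32 needs padding to 8 chars.
    cleaned = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))
    counter = int(unix_time // step)               # count of 30 s windows since 1970
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                        # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32: str, code: str, server_time: float, drift_windows: int = 1) -> bool:
    """Server-side check (assumed policy): current window plus/minus drift_windows."""
    for w in range(-drift_windows, drift_windows + 1):
        expected = totp(secret_b32, server_time + w * STEP)
        if hmac.compare_digest(expected, code):    # constant-time comparison
            return True
    return False


def simulate_login(phone_clock_error: float, server_time: float = 1_700_000_000) -> bool:
    """Constructed scenario: the phone clock is wrong by phone_clock_error seconds."""
    code_on_phone = totp(SECRET, server_time + phone_clock_error)
    return verify(SECRET, code_on_phone, server_time)


if __name__ == "__main__":
    for error in (0, 20, 90, -300):
        result = "accepted" if simulate_login(error) else "Invalid code"
        print(f"phone clock off by {error:+5d} s -> {result}")
```

Both sides compute the code from the shared secret and their own clock only, which is why enabling automatic date and time on the phone resolves the error without re-scanning the QR code.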
App doesn't generate codes after scanning the QR code
- Cause: The code was scanned incorrectly or the app is outdated.
- Solution: Delete the account entry in the app (long-press → Delete) and try scanning the QR code again. Make sure the camera clearly sees the entire code.
Phone with the authenticator app is lost
- Try to log in using one of your saved backup codes.
- After a successful login, immediately disable the old 2FA and set it up again on your new device.
- If the backup codes are also lost, use an alternative recovery method (SMS, backup email) if it was configured, or contact the service's support team.
2FA is not supported for a specific service
- Cause: Some older or highly specialized services may not support TOTP.
- Solution: Check if there is a "SMS messages" or "Authenticator" option in the security settings. If not — use a strong, unique password and consider using a password manager to generate it.