Get tech confident for less
Get 12 months of tech support and buying advice for only £34.30, that's a 30% saving. Together we’ll show your tech who’s boss.
Join Which? Tech SupportOffer ends 16 Jun 25. Cancel anytime.
By clicking a retailer link you consent to third-party cookies that track your onward journey. This enables W? to receive an affiliate commission if you make a purchase, which supports our mission to be the UK's consumer champion.
What is two-factor authentication and should you use it?
Learn about the different types and which will be best to help protect your data
Two-factor authentication, or 2FA, adds a layer of security when signing in to websites and services.
The most common way this happens is when you log in from a new phone, tablet or computer, or from a new location the website doesn’t recognise. Some websites also require 2FA every time you login or when you make a transaction.
The website will send you a code - usually via text to your mobile phone - that you have to enter before you can finish signing in.
It's an effective way to protect your online data - see why below.
Tech Support – stay on top of your tech and get unlimited expert 1-2-1 support by phone, email, remote fix and in print.
Should I use 2FA?
In short - yes. You should turn it on for every service you log in to, whether it's via an app or a website. Not every service offers it, but where it's available, turn it on.
This is a great way of protecting your accounts, as it stops hackers who might have got your password via a data breach or phishing scam from logging in.
If you ever change your mobile number, it's very important that you also update any accounts that you're using 2FA on. Over time, your old phone number will be recycled and someone else will get it. If you haven't updated your accounts, then you risk the owner of your old number being able to access them.
News, deals and stuff the manuals don't tell you. Sign up for our free, monthly Tech newsletter.
Is getting a code by text the only 2FA method?
No. By text is the most common way, but some websites and services also support using different methods, such as:
- Authenticator app - such as LastPass Authenticator, Google Authenticator, Okta Verify, Authy (there are many others too) work in a similar way by generating codes for you to confirm it’s you logging to a website from a new device or location
- Biometrics – your fingerprint, a scan of your iris or a scan of your face can also be used to verify it’s you and not a hacker logging in to a website. Do be aware that some phones' face recognition systems can be hacked. We test for this in our mobile phone reviews
- Hardware keys - the most common is the Yubikey, which is widely supported, although there are others made to the same standards. Google has its own Titan Security Key.
Keep your data safe. Our independent lab tests reveal the best antivirus software
How to turn on 2FA for your account
Every website or service will be slightly different, but generally you’ll find the options for 2FA in the security settings for your account.
Typically, you’ll be asked to enter your mobile number and then the website will send you a code which you type in to confirm that you want to go ahead and set it up.
Some websites will require you to confirm your login each time, while others will only challenge your login if you’re signing in from a new device, or a new browser on an old device – or from an IP address you haven’t logged in from before.
In most cases you can tell it to recognise you from that device/browser/IP address in future, although we would recommend letting it challenge you each time.
What if I lose my phone or hardware key, or I don't have a mobile signal?
Most websites that use 2FA will also let you generate one-time codes: codes that you can print out or perhaps store safely in your cloud storage and then type in to complete your login.
If you decide to store those codes in your cloud storage you'll need to make sure you can access that if you're offline or if you've had your phone stolen, of course.
Again, it's a bit of a pain to go through all your sites and generate them, and you'll need to work out the best way for you to store them, but it's a good back-up option.
Know what to do if your laptop gets stolen
Join Which? Tech Support
Get tech confident for less
Get 12 months of tech support and buying advice for only £34.30, that's a 30% saving. Together we’ll show your tech who’s boss.
Join Which? Tech SupportOffer ends 16 Jun 25. Cancel anytime.
Which? Tech Support can help you keep you on top of your tech. Our experts explain things clearly so that you can resolve issues and feel more confident using your devices.
Get unlimited 1-2-1 expert support:
- By phone Clear guidance in choosing, setting up, using and resolving issues with your home tech devices.
- By email Outline the issue and we’ll email you our answer.
- By remote fix We connect securely from our office to your home computer and resolve issues while you watch.
- In print Which? Tech magazine, six issues a year delivered to your door.
You can join Which? Tech Support.