User Access | High priority

Set up two-factor authentication on your email

Add two-factor authentication (2FA) to your email account so a password alone is not enough to get in.

Why this matters

Your email is the master key to your online accounts — if someone gets into it, they can reset every other password. 2FA stops this even if your password is stolen.

How to do it

  Gmail:
  1. Go to myaccount.google.com → Security → 2-Step Verification
  2. Follow the setup steps — use an authenticator app (better than SMS)

  Outlook:
  1. Go to account.microsoft.com → Security → Advanced security options
  2. Turn on two-step verification

  Also enable 2FA on iCloud, social media, and your bank if possible


Cyber Essentials framework

This task falls under the User Access control, one of five areas assessed in the UK's Cyber Essentials scheme. Completing it counts toward your Cyber Essentials alignment. Create a free account to track your progress across all five areas.

Frequently asked questions

What is two-factor authentication?

Two-factor authentication (often called 2FA or two-step verification) means you need two things to log in: your password and a second check, usually a code sent to your phone or generated by an app. Even if someone steals your password, they cannot get into your account without that second code.

Is text message 2FA safe enough?

Text message codes are much safer than no 2FA at all. However, an authenticator app (such as Google Authenticator or Microsoft Authenticator) is more secure because codes are generated on your device and cannot be intercepted by someone who takes over your phone number. Use SMS if it is all that is offered; switch to an app when you can.

What if I lose my phone after setting up 2FA?

When you set up two-factor authentication, you are given a set of one-time recovery codes. Save these somewhere safe: printed out, or in a password manager. They allow you to get back into your account without your phone.

Which accounts should I add two-factor authentication to?

Start with your email: it is the most important because anyone inside it can reset every other password you own. Then add it to your bank, social media, and any account that contains personal or financial information.
