How to Protect Yourself from Hackers on Popular Websites with Two-Factor Authentication

How to Protect Yourself from Hackers on Popular Websites with Two-Factor Authentication article image.

There are various steps you can take to protect yourself online. One way you can keep your personal information from getting into the wrong hands with an additional step on many popular websites: two-factor authentication. Read more to learn how this can help protect you from hackers and keep your accounts safe:

An Extra Layer of Security

Strong passwords make it harder for hackers to access your login credentials, but they're not fail-safe.

In fact, 81% of hacking-related data breaches start with stolen or hacked passwords, according to the 2017 Data Breach Investigations Report from Verizon. With identity theft affecting 16% of American consumers (according to Javelin Strategy & Research), everyone needs to be vigilant about online safety.

Two-factor authentication adds another layer of security to online accounts beyond just a password. Instead of giving only one piece of proof—a password—that you are the authorized user on an account, two-factor authentication requires you to provide a second piece of proof to verify your identity.

This helps ensure no one can access your account except you, even if they know your password and login or username.

How It Works

You may already use some two-factor authentication without realizing it. For example, your bank's website may text a code to your smartphone when you attempt to change your password. In order to make the change, you have to know your password and be in possession of the phone registered to the account so you can receive and enter the texted code.

Two-factor authentication is just that -- using two pieces to confirm you are who you say you are. It works because it ensures a password alone isn't enough to give someone access to your account. In addition to the password, the user has to know or possess something unique to them that a hacker wouldn't have access to.

Companies that use two-factor authentication may require authorized employees to carry a token, like a key fob, that they have to use in addition to a password. For consumers, a smartphone is usually the device used for authentication.

Hackers may steal your password, but as long as you have your smartphone or tablet (your authentication device) in your possession, they won't have everything they need to access your account.

Setting up Two-Factor Authentication

Many larger websites you frequently use probably offer two-factor authentication. Here's how you can set up this extra layer of security on some popular websites:

Apple ID

To turn on two-factor authentication on your iPhone, iPad or iPod, Apple says to take these steps:

  • For iOS 10.3 or later, go to settings/your name/password and security. Tap "turn on two-factor authentication" and continue.
  • For iOS 10.2 or earlier, go to settings/iCloud. Tap password and security. Tap "turn on two-factor authentication" and continue.
  • Enter the phone number where you want to receive verification codes and choose whether you want to receive the code via text or call.
  • Tap "next" and Apple will send a verification code to the number you entered.
  • Enter the verification code to confirm the number and turn on two-factor authentication.


To turn on or manage two-factor authentication, Facebook recommends these steps:

  • Log into your account and click on Settings/Security and Login in the upper right corner of the screen.
  • Choose "Use two-factor authentication" and click "edit."
  • Select the authentication method you want to use. Facebook offers multiple options, including: text messages to a mobile phone, security codes from Facebook's Code Generator, security key on a compatible device, security codes from a third-party app, login approval from a recognized device or a printed recovery code.
  • Follow the on-screen instructions for the authentication option you choose.
  • Click "enable" when you're done.


To turn on two-factor authentication for Gmail and your Google account, Google advises:

  • Go to Google's two-step authentication page. You may have to log into your Google or Gmail account.
  • Click "get started."
  • Follow the on-screen instructions to turn on two-step verification.


Yahoo says to enable two-factor authentication on your account, follow these steps:

  • Sign into your Yahoo account.
  • Click "account security."
  • Click the on/off icon beside "two-step verification."
  • Enter your mobile number.
  • Choose whether you want to receive a text message with a code or a phone call.
  • Enter the verification code and click "verify."


Instagram also allows users to set up two-factor authentication by following these steps:

  • Log into your Instagram account.
  • Go to the profile and choose your operating system (iOS or Android) in the top right corner.
  • Scroll down and choose "two-factor authentication."
  • Tap "require security code" to turn on the authentication.
  • If you haven't already registered a phone number with Instagram, it will ask you to enter one where you'll receive authentication codes. Enter the number and tap "next."
  • Instagram will send a code to the number you provided. Enter that code and tap "next."

Twitter also offers two-step authentication and provides detailed instructions for setting it up depending on how you're accessing Twitter: from a PC or laptop, or an iPhone or Android smartphone. Visit Twitter's Help Center to learn more.

Keeping Your Online Information Protected

Once you have two-factor authentication setup, some sites also notify you if someone is trying to gain access. If this happens, there are some additional precautions you can take:

  • Log out of that account on any devices that are logged in.
  • Change your password for that account immediately.
  • Confirm the email address associated with that account and change other passwords that may be tied to that email on other sites.

A record 15.4 million people were victims of identity theft or fraud last year, according to Javelin. Hacking online accounts is one way criminals can commit fraud and identity theft. Phishing is another method that is known to be used for various types of frauds and scams, such as mortgage wire fraud.

Many companies do as much as possible to help keep you and your personal information safe online, and two-factor authentication is one more tool you can use to help yourself.

The purpose of this question submission tool is to provide general education on credit reporting. The Ask Experian team cannot respond to each question individually. However, if your question is of interest to a wide audience of consumers, the Experian team may include it in a future post and may also share responses in its social media outreach. If you have a question, others likely have the same question, too. By sharing your questions and our answers, we can help others as well.

Personal credit report disputes cannot be submitted through Ask Experian. To dispute information in your personal credit report, simply follow the instructions provided with it. Your personal credit report includes appropriate contact information including a website address, toll-free telephone number and mailing address.

To submit a dispute online visit Experian's Dispute Center. If you have a current copy of your personal credit report, simply enter the report number where indicated, and follow the instructions provided. If you do not have a current personal report, Experian will provide a free copy when you submit the information requested. Additionally, you may obtain a free copy of your report once a week through December 31, 2022 at AnnualCreditReport.