How to use two factor authentication on your favourite websites and devices

A simple step-by-step guide for PayPal, Facebook, Twitter, Google and Apple

In light of the recent nude picture leaks that have hit the headlines, TechWeekEurope has teamed up with James Mace, security consultant at ethical hacking firm Pen Test Partners, to help you stay safe and secure online, as well as keep your privacy protected.

It’s not just adults who are guilty of clicking that ‘send’ or ‘upload’ button far too willingly. Children are also at risk, with many having their own smartphones directly connected to the web.

One of the most effective steps you can take is to apply Two Factor Authentication, often abbreviated to ‘2FA’, to your social media sites. Usernames and passwords are often stolen during hacker breaches. If the victims of the breach re-use passwords, their other accounts can be compromised. 2FA is about asking for extra information when you login, something like a one-time code sent to you by text message. Without the one-time code, it is far harder to hack your account. Some ask for an extra code every time you use a new computer or smartphone – the idea is that the attacker is unlikely to have your PC/Mac/phone too, so their attack is crippled.

Many social networking services have now implemented 2FA, but it’s not always obvious how to do it. Here is Mace’s quick guide to setting up 2FA on some popular web sites:

personal dataFacebook:

  • Login to Facebook

  • Navigate to the user settings page via the icon. That’s one of the links in the top right hand corner of the page

  • Run through both the ‘Security’ and ‘Mobile’ tabs to set up 2FA

  • Follow on-screen instructions



  • Login to your account and navigate to the settings page.

  • Click ‘Security and privacy’ on the left-hand navigation panel

  • Then enable: ‘Send login verification requests to my phone’ (NB You will have to add your phone to the account first. If you don’t want SMS overload, just uncheck those options!

  • Follow on-screen instructions.


  • Login to your account using your apple id at

  • Click on ‘Manage your Apple ID’ located on the right-hand side of the page.

  • Choose ‘Password and Security’

  • Select ‘Two-Step Verification’ and follow on-screen instructions.


  • Login through the website

  • Click on the image of a cog to view account settings

  • Choose ‘Security’ from the navigation panel

  • Select ‘Security Key’ and follow on-screen instructions

Some further tips to help prevent information leakage:

·        It is paramount that you understand that once information has been uploaded to the web, it is often VERY difficult to remove.
·        Be aware of the types of information/images you have stored on web connected devices.
·        Always enable the highest setting security options for your device – advice often found on the vendor’s website.
·        Ensure commonly overlooked options such as ‘auto-backup’ are turned off on sensitive albums.

It’s also worth noting that this doesn’t just apply to your current gadgets; old devices with storage capabilities have also the potential to be private data gold mines. The ‘factory reset’ option often doesn’t wipe the device sufficiently for data to be recovered, so encrypt where possible. If your device is lost, opportunists will struggle to retrieve encrypted files, particularly if your PIN is strong. And don’t rush into data migration when buying new devices; seek advice before copying one set of private selfies on to a new device

Ultimately, my advice would be to think before you upload. If you’re putting something on the internet that you wouldn’t want everyone to see, make sure you secure it. Don’t feed the pervs and trolls.

How well do you know Apple? Take our quiz!