Two-factor login security settings

Two-factor login security means that knowing your password is not enough to log in to you will also need a one-time passcode. These codes are generated by an app that you install on your phone or tablet (or even in your browser). A network connection is not needed: the codes are generated used a secret that is set up in the app at the beginning. This means that an attacker who knows your password still cannot log in: they also need to physically steal your phone/tablet/etc.

Step 1 : On your phone/tablet/etc., install the one-time pass-code app

You can whichever app you prefer (it just needs to follow the “TOTP” standard). One of the most popular ones is “Google Authenticator”. Search for and install “Google Authenticator” on your Android play store or iPhone/iPod/iPad app store. On a BlackBerry, visit: On Windows Phone, there is “Authenticator”. For other platforms, see Wikipedia’s list.

Step 2 : Configure the app

If your app can scan QR codes, then scan this:

(Not logged in.)

If your app instead wants you to type in the private key, then type in this:

(Not logged in.)

If you want to change your key (which means you will need to add it again to your app), then use this:

(Not logged in.)

Step 3 : Verify that your app is showing you the current code correctly

This is your current code, check that your app is showing the same code – (one-time codes change every 30 seconds or so)

If you are not seeing the correct code, then check the time on your device. The protocol involved requires your device to know the current time accurately.

(Not logged in.)

Step 4 : Make a note of your emergency codes

These codes should be written down / kept somewhere else – i.e. not on your device. They can be used if you lose your device. Each code can only be used once each:

(Not logged in.)

Step 5 : Turn on one-time passwords

Only do this if you have successfully completed all previous steps. Turn the setting on here, and save the settings. (You can also use the form below to turn one-time passwords off again).

(Not logged in.)