How to Set Up Two-Factor Authentication on Every Major SaaS Tool

Two-factor authentication means that even if someone steals your password, they cannot access your account without a second verification step, typically a code from your phone. Enabling it on your most important accounts takes about 30 minutes total and dramatically reduces your risk of being hacked.

What app to use for 2FA codes

Use an authenticator app rather than SMS for the strongest protection. The best options are: Authy, which backs up your codes securely so you do not lose them if you change phones. Google Authenticator, which is simpler but does not back up codes automatically. Both are free. Download one before you start.

Google account

Go to myaccount.google.com. Click Security. Click 2-Step Verification. Click Get started. Follow the prompts to set up using your authenticator app. Save your backup codes somewhere secure. Google 2FA also covers Gmail, Google Drive, and any service that uses Google to sign in.

Your password manager

If you use 1Password, go to your profile, then Account Settings, then Two-Factor Authentication. For Bitwarden, go to Account Settings, then Security, then Two-step Login. Your password manager is the highest-priority account to protect with 2FA since it contains all your other passwords.

NordVPN

Log into nordvpn.com. Go to your profile. Select Two-Factor Authentication. Scan the QR code with your authenticator app. Enter the 6-digit code to verify and confirm.

Your domain registrar and hosting

If someone gets access to your domain registrar they can redirect your website and email. This is a critical account to protect. Find the security settings in your registrar account and enable 2FA. Repeat for your web hosting control panel.

Email account

Your email account is the master key to everything else. Password reset links go to your email. If someone controls your email they can reset passwords for every service you use. Enabling 2FA on your email account is the single highest-impact security action available to you.

The 10-minute rule

For each account: go to Settings then Security then Two-Factor Authentication or similar. Enable it. Scan the QR code. Save backup codes. Done. Each account takes under two minutes. Start with your email, then password manager, then domain registrar, then work through the rest. The 30 minutes this takes will protect you for years.