Multi-Factor Authentication for the Masses | Cyber Security Awareness Month
For cybersecurity awareness month (October) I thought I would compile a no-hassle list of popular apps and their documentation on how to set up Multi-Factor authentication (MFA). I will not be explaining MFA, as there are plenty of great articles on that already. First I’ll talk about and link the methods for MFA, as well as the applications for MFA, then I’ll list the popular applications that support MFA, as well as link their How-To’s for enabling your Software Token or SMS MFA. Click here to skip to the Apps. Click here to skip to the How-To’s.
MFA Methods
The most ubiquitous way to enable MFA is with Text Message (SMS, or Short Message Service) or Email One-Time Passwords (OTP). SMS/Email OTP is allowed by virtually everyone, including Banks, Social Media, and Business applications. The reason for SMS/Email OTP being such a ubiquitous form of MFA is the legacy nature of SMS/Email; with SMS/Email being around for such a long time, the process for securing, enabling, and auditing SMS/Email OTP has been established and thoroughly vetted by Federally- and Independently-regulated institutions.
The second most common form of MFA, and the preferred one in this article, is Software Token (Soft Token) OTP, which is usually an application that is installed on your mobile phone which allows storage of all your soft tokens in one place. Soft Tokens are not as common mainly due to their lack of Federal vetting, which is in turn caused its nascent quality.
The third, and least common form of MFA is Hardware Token (Hard Token) MFA, which is described as a hardware device with a unique signature, such as a USB key or microchip (such as the ones found in modern credit cards, but uniquely designed for authentication services). We won’t talk about these because they usually require a payment scheme and are not found in most commonly-used services.
MFA Apps
The most popular applications for Soft Token OTP are, in order of personal preference (taking into account ease-of-use, monopoly on services, and customization):
- Duo Security [Google Play] | [Apple Store]
- Twilio Authy [Google Play] | [Apple Store]
- Google Authenticator [Google Play] | [Apple Store]
- Microsoft Authenticator [Google Play] | [Apple Store]
MFA How-To’s
The majority of this is taken from this amazing site: TwoFactorAuth.org. Here are some How-To’s for some of the most popular applications, by category:
Social Media
- Facebook: https://www.facebook.com/help/148233965247823
- Instagram: https://help.instagram.com/566810106808145
- Linkedin: https://www.linkedin.com/help/linkedin/answer/544
- Pintrest: https://help.pinterest.com/en/article/two-factor-authentication
- Reddit: https://www.reddithelp.com/hc/en-us/articles/360043470031
- Snapchat: https://support.snapchat.com/en-US/article/enable-login-verification
- Tumblr: https://tumblr.zendesk.com/hc/en-us/articles/226270148-Two-factor-authentication
- Twitch: https://help.twitch.tv/s/article/two-factor-authentication-with-authy?language=en_US
- Twitter: https://help.twitter.com/en/managing-your-account/two-factor-authentication
- YouTube: https://www.google.com/intl/en-US/landing/2step/features.html
Finance
- Amazon Pay: https://www.amazon.com/gp/help/customer/display.html?nodeId=201962420
- Bank of America: https://www.bankofamerica.com/security-center/online-banking/
- Capital One: https://www.capitalone.com/applications/identity-protection/swiftid/
- Cash App: https://cash.app/help/en/en-us/3127-keeping-your-cash-app-secure
- Chase: https://twofactorauth.org/notes/chase/
- Citi Bank: https://online.citi.com/US/ag/security-center
- Discover: https://www.discover.com/credit-cards/member-benefits/security-center/protect-account/account-verification.html
- Google Pay: https://www.google.com/intl/en-US/landing/2step/features.html
- Navy Federal: https://nfcucloud.custhelp.com/app/answers/list/c/543
- Paypal: https://www.paypal.com/us/smarthelp/article/faq4057
- Square: https://squareup.com/help/us/en/article/5593-2-step-verification
- State Farm: https://www.statefarm.com/customer-care/privacy-security-center/identity-verification
- Stripe: https://support.stripe.com/questions/enable-two-step-authentication
- TIAA: https://www.tiaabank.com/security?solutions=security-tools
- USAA: https://www.usaa.com/inet/pages/security_token_logon_options?akredirect=true
- Venmo: https://help.venmo.com/hc/en-us/articles/217532397
- Wells Fargo: https://www.wellsfargo.com/privacy-security/advanced-access
Cloud Backup and Storage
- Dropbox: https://help.dropbox.com/teams-admins/team-member/enable-two-step-verification
- Google Drive: https://www.google.com/intl/en-US/landing/2step/features.html
- Mega: https://mega.nz/help/client/ios/accounts-and-pro-accounts#how-do-i-enable-two-factor-authentication-on-my-account-5bb542b3f1b70961038b4571
- OneDrive: https://support.microsoft.com/en-us/help/12408/microsoft-account-how-to-use-two-step-verification
- Synology: https://www.synology.com/en-us/knowledgebase/DSM/tutorial/Management/How_to_add_extra_security_to_your_Synology_NAS#t5
Messaging
- Discord: https://support.discord.com/hc/en-us/articles/219576828
- GroupMe: https://support.microsoft.com/en-us/groupme
- Salesforce: https://developer.salesforce.com/docs/atlas.en-us.securityImplGuide.meta/securityImplGuide/add_time-based_token.htm
- Slack: https://slack.com/help/articles/204509068-Set-up-two-factor-authentication
- Telegram: https://telegram.org/blog/sessions-and-2-step-verification
- WhatsApp: https://faq.whatsapp.com/general/verification/using-two-step-verification
- Zoom: https://support.zoom.us/hc/en-us/articles/360038247071
- Aol: https://help.aol.com/articles/2-step-verification-stronger-than-your-password-alone
- Gmail: https://www.google.com/intl/en-US/landing/2step/features.html
- Outlook: https://support.microsoft.com/en-us/help/12408/microsoft-account-how-to-use-two-step-verification
- ProtonMail: https://protonmail.com/support/knowledge-base/two-factor-authentication/
- Yahoo: https://help.yahoo.com/kb/SLN5013.html
Gaming
- Blizzard/Battle.net: https://us.battle.net/support/en/article/24520
- EA/Origin: https://help.ea.com/en-us/help/account/ea-login-verification-information/
- Epic Games: https://www.epicgames.com/help/en-US/epic-accounts-c74/account-security-c112/twofactor-authentication-and-how-to-enable-it-a3218
- GOG.COM: https://support.gog.com/hc/en-us/articles/115003660533?product=gog
- PlayStation: https://www.playstation.com/en-us/account-security/2-step-verification/
- Valve/Steam: https://support.steampowered.com/kb_article.php?ref=4020-ALZM-5519
- Ubisoft/Uplay: https://support.ubisoft.com/en-GB/Faqs/000039953
- Microsoft/Xbox Live: https://support.microsoft.com/en-us/help/12408/microsoft-account-how-to-use-two-step-verification
Retail
- Amazon: https://www.amazon.com/gp/help/customer/display.html?nodeId=201962420
- Apple Store: https://support.apple.com/en-us/HT204915
- Best Buy: https://www.bestbuy.com/site/help-topics/2-step-verification/pcmcat1561056149844.c
- eBay: https://community.ebay.com/t5/Announcements/eBay-launches-a-new-2-step-verification-method-to-increase/ba-p/29818464
- Etsy: https://help.etsy.com/hc/en-us/articles/115015569567?segment=shopping
- Newegg: https://kb.newegg.com/knowledge-base/2-step-verification/
- Shopify: https://help.shopify.com/en/manual/your-account/account-security/two-step-authentication
- Uber: https://help.uber.com/riders/article/turn-on-2-step-verification?nodeId=b8bb9152-8c91-4f49-83c4-35cf2e1dcf72