How does it work?

Strong authentication requires you to have more than just your password to sign into your account. Strong authentication tools are widely available on major email and social networking sites. Here are the most common methods you can choose from:



Here’s how to turn on strong authentication.

  • Dropbox

    Two-step verification is an optional but highly recommended security feature. Once enabled, Dropbox will require a six-digit security code or a security key in addition to your password. Note: Before enabling two-step verification, you'll receive ten backup codes. Copy these codes down and store them securely. If you ever lose your phone, or can't receive or generate a security code, you'll need one of these backup codes to access your Dropbox. Once a backup code is used, it can't be used again. Find out more from Dropbox here.

  • Facebook

    As more individuals and businesses turn to Facebook to share and connect with others, people are looking to take more control over protecting their account from unauthorized access. Login approvals is a Two Factor Authentication system that requires you to verify your identity via a code sent to your mobile device or by using a physical security key (yubikey) whenever you log into Facebook from a new or unrecognized computer. Once you have verified your identity, you’ll have the option to save the device to your account so that you don’t see this challenge on future logins. Find out more from Facebook here. Yubikeys were first introduced in 2017. The function allows you to register the physical security key to your account so that the next time you login after enabling login approvals, you'll simply tap a small hardware device that goes in the USB drive of your computer. Security keys can be purchased through companies like Yubico, and the keys support the open Universal 2nd Factor (U2F) standard hosted by the FIDO Alliance.

  • Google

    With 2-Step Verification on your Google Account, it takes more than just your password to sign in. This could be a six-digit code that you get through the Authenticator app or SMS. For even stronger protection against phishing, you can set up a Security Key. You can learn more about using a Security Key on your Google Account at If you opt to receive authentication codes over SMS, be sure you’re taking the steps under “Protect Mobile Devices” to keep your phone safe.

  • iCloud

    With two-factor authentication, your account can only be accessed on devices you trust, like your iPhone, iPad, or Mac. When you want to sign in to a new device for the first time, you'll need to provide two pieces of information—your password and the six-digit verification code that's automatically displayed on your trusted devices. By entering the code, you're verifying that you trust the new device. For example, if you have an iPhone and are signing into your account for the first time on a newly purchased Mac, you'll be prompted to enter your password and the verification code that's automatically displayed on your iPhone. Find out more from Apple here.

  • Instagram

    Two-factor authentication is a security feature. When two-factor authentication is on, every time you log into Instagram from an unknown device you'll be asked to enter an SMS security code or backup code in addition to your username and password. Find out more from Instagram here.

  • LinkedIn

    If you choose to add this additional layer of security, you'll be asked to provide a cell phone number that will be used to send you verification codes each time you sign in to LinkedIn from a device we don't recognize. Once you've provided a valid phone number, we'll send a text to that number with the code. If you verify the code successfully, then two-step verification will be turned on. Please note, you'll have to have a mobile phone number associated with your LinkedIn account before you can complete the two-step verification. Learn more about how to add and remove phone numbers on your LinkedIn account. Find out more from LinkedIn here.

  • Microsoft (Including Outlook)

    If you turn on two-step verification, you’ll get a security code to your email, phone, or authenticator app every time you sign in on a device that isn't trusted. When it’s turned off, you will only have to verify your identity with security codes periodically, when there might be a risk to your account security.  Important!  If you turn on two-step verification, you will always need two forms of identification. This means that if you forget your password, you need two contact methods. Or if you lose your contact method, just your password won't get you back into your account. For that reason, we strongly recommend you keep three pieces of security info on your account, just in case. Find out more from Microsoft here.

  • Salesforce

    Implementing two-factor authentication is one of simplest and most effective actions your company can take to improve security of your Salesforce deployment. Salesforce supports multiple methods of two-factor authentication including U2F Tokens, OAUTH HOTPs, Temporary Tokens, and Salesforce Authenticator. Salesforce Authenticator is a mobile app downloaded by each user and the settings are configured by the Salesforce Administrator. You can require two-factor authentication each time a user logs in with a username and password to Salesforce . To set the requirement, set the “Two-Factor Authentication for User Interface Logins” permission in the user profile or permission set. Find out more from Salesforce here.

  • Twitter

    Login verification is an extra layer of security for your Twitter account. Instead of only entering a password to log in, you’ll also enter a code which is sent via text message to your mobile phone. This verification helps make sure that you, and only you, can access your account. After you enable this feature, you will need both your password and your mobile phone to log in to your account. When you login to, Twitter for iOS, Twitter for Android, or, you will receive a text message with a six-digit login code to enter (see our list of supported carriers here). Find out more from Twitter here.

  • Yahoo

    Two-step verification is another layer of security that uses your password plus a code to verify your identity when you sign in to your account on a new, unrecognized device for the first time or after clearing the cache in your browser. Yahoo will send your cell phone a code by text or phone call that only you'll have access to. Learn how to turn on two-step here.  Some apps (like iOS Mail, Android Mail, Outlook, and Yahoo messenger for PC) require a specific password to connect that app with Yahoo. If you enable two-step verification, you'll need to create a third-party app password to use in apps like these.

  • More Authentication Resources

    More Authentication Resources - provides step-by-step instructions on enabling the free security feature that prevents hackers from accessing your accounts, even if they know your password.

    ​ lists websites that have two-factor authentication available and detailed instructions for each site.