Skip to main content

How to Turn On 2-Step Verification

Google, Yahoo, Apple and Dropbox


From your Google Accounts page, click Security and then click Edit under "2-step verification."

From the "Signing in with 2-step verification" page, click Start Setup. Google will prompt you for your phone number and then send a numeric code to your mobile device via SMS.

Once you receive the code, enter it. Google will ask if you want to "trust this computer." Leave the box checked if it is a personal device that only you use; uncheck the box if it is a public or shared computer.

From this point forward, you'll be asked for a verification code whenever you attempt to log in to Gmail, YouTube, Google+ or any other Google account.

For some applications that work outside of the browser, users may need to create application-specific passwords. These include some Android apps including Gmail, the Google Voice app on iOS, mail clients like Microsoft Outlook and chat services like AIM and Google Talk.

To create passwords, return to the Security page of Google Accounts. Under "2-step verification," click on "Manage your application-specific passwords."

You'll be prompted to re-enter your Google password. After that, you'll be taken to a page that lists the applications and services that have access to your Google account. The page also has a tool to generate new passwords for more applications and services.

To use the tool, name the device, app or service for which the password is being created, and let the tool generate the password.

Here's the tricky part. When you next log into Google from that device, app or service, don't use your regular Google password — use the application-specific password instead.

You'll need to do this only once for each new service. [See also: How Secure is Google Drive?]


From the Yahoo profile page, click on the link that says, "Setup your second sign-in verification." On the following page, check the box that prompts you to turn on the added security feature.

Enter your mobile number and then input the security code Yahoo sends to your mobile phone. When signing on from unfamiliar devices, you will now be prompted to verify the login with a texted code.


Apple ID users can turn on two-step verification by going to the Apple ID website at and selecting the Password and Security section from the left-hand menu bar.

On the following page (you may have to answer some security questions first), click "Get started" under the "Two-Step Verification" header.

On the next page, read the instructions and then click "Continue." Enter a mobile phone number, then enter the code texted to that phone number.

From that point on, you will be asked to enter a texted code when logging in from a new device, resetting your password or making other account changes.

It's important to note that Apple's two-step authentication does not protect users' iCloud accounts, which, in our opinion, leaves a big hole in Apple's security. (UPDATE: Apple's process now covers iCloud accounts as well.)

If a user's iCloud account were to become compromised, such as through a cracked or guessed password, the attacker could use the Find My Phone feature or iCloud Mail to take over the corresponding iTunes account.


Dropbox users can enable two-step verification by first signing into the Dropbox website, and then clicking on their name on the upper right.

On the resulting drop-down menu, click Settings, and then the Security tab.

Under "Account sign in," there will be a line reading "Two-step verification." Click "enable," and re-enter your password.

From there, enter your mobile phone number. As with the other services, you'll have to input the code texted to that number for the device you're currently using, and for every new device thereafter.

Follow Ben Weitzenkorn on Twitter @benkwx. Follow us @tomsguide and on Facebook.