Two-Factor Authentication (2FA) works by adding a layer of security to your online accounts. It requires an additional login credential – beyond just the username and password – to gain account access. Getting that second credential requires access to something that belongs to you, for example, a mobile phone.

In this article, I will explain how to set up 2FA on your mobile phone. Several apps can generate the codes (additional login credentials) to be used with 2FA. The three most popular choices are:

Google Authenticator

Google Authenticator is a software-based authenticator by Google that implements two-step verification services using the Time-based One-time Password Algorithm (TOTP; specified in RFC 6238) and HMAC-based One-time Password algorithm (HOTP; specified in RFC 4226) for authenticating users of software applications.

When logging into a site supporting Authenticator (including Google services) or using Authenticator-supporting third-party applications such as password managers or file hosting services, Authenticator generates a six- to eight-digit one-time password which users must enter in addition to their usual login details.

It can be downloaded from the app store for Android devices and iPhone.

Microsoft Authenticator

Microsoft Authenticator works the same way, but comes from Microsoft instead of Google.

It can be installed following the official instructions at https://www.microsoft.com/en-us/account/authenticator

FreeOTP

Another choice that is available for Android and iOS devices. It is completely open source and developed by Red Hat. Due to its independence, I will instruct you on how to install and set up this app.

It can be downloaded following the instructions at https://freeotp.github.io/

In this example, I will install the FreeOTP app on an iOS (Apple) device. After going to https://freeotp.github.io/ and clicking on the button “Download on the App Store”, I will follow the instructions of the app store to install the app.

Once the app has been installed, the first time we open it, we see “No tokens have been added yet” and a button to add a new token under that message.

After clicking on the button mentioned above, the device will prompt for permission to use the camera. After accepting the permission request, the app will try to scan a QR code.

For testing purposes, we can point our camera to the following QR code:

QR Code Example

After scanning the QR code, the app will request you to select an icon. Select any icon and click Next.

Last, if everything went well, you will see a button with the selected icon and the text: “blog.miguens.one, TestUser”. Pressing on the icon will display a six-digit code for 30 seconds. This code changes every time, and you must enter the digits on the website that is requesting the code for the Two-Factor Authentication (2FA).