With two-factor authentication (2FA) enabled, you instantly make your online accounts harder to access without permission. Attempting to access an account from a new device prompts the service to send a unique code to your phone, so you have the power to approve or deny logins.
Below, we explain how to lock up your data. You might not want to work through the whole list in one go, so bookmark this page and revisit another time if needed.
For unlimited 1-2-1 expert tech advice by phone, email, remote fix and in print
Already a Tech Support member? For 1-2-1 technical advice, scan the QR code to go to our Tech Support booking tool. Reading this on your phone or tablet? Click to go to our .
1. WhatsApp – protect messages and attachments
If WhatsApp is your go-to messaging app, it's probably crammed with private conversations – including written messages, voice notes and attachments.
Adding 2FA to your WhatsApp account means you'll regularly be asked to enter a Pin to continue using the app. If your phone gets stolen and ends up in the wrong hands, that means your messages (and attachments) will remain locked.
When setting up 2FA, WhatsApp will also request an email address – this will be used as a backup in case you forget or misplace your Pin.
2. Gmail – hide emails containing personal data
Enabling 2FA for your Google account only takes a couple of minutes and is an effective way to keep prying eyes away from your inbox.
Once you've activated the feature, you'll need to complete a second step to verify it’s you if you choose to sign in with a password. If you're attempting to access your messages from a new PC, for example, you'll need to input the code sent to your mobile.
3. Outlook – stop hackers from resetting other apps
Your Outlook inbox effectively acts as a gateway to your other online accounts, which is why it's crucial to protect it.
If an attacker gains access to your messages, they could intercept password reset emails and use them to change the passwords of other accounts, including those for banking, social media or shopping sites.
Adding 2FA to your Microsoft account means you’ll receive a security code to your email, phone or authenticator app every time you sign in on a device that isn't trusted. Potential hackers will be stopped in their tracks, as they won't know your unique security code.
4. Facebook – protect against phishing scams
Your social media account serves as a storage hub for personal information, photos and private messages. It likely contains a wealth of data that third parties could exploit, so take a moment to configure your security settings.
Data-hungry hackers will always revel in the chance to access social media accounts – doing so allows them to impersonate the account owner, spread spam or even demand money from contacts. This is known as a phishing scam.
When Facebook's 2FA system is activated, you'll be asked to enter a login code or confirm your login attempt each time someone tries accessing Facebook from a browser or mobile that Facebook 'doesn't recognise'.
5. PayPal – keep your money safe
PayPal can be secured with Google authenticator or Microsoft authenticator – both apps are used to generate time-sensitive login codes.
Once 2FA is turned on, unauthorised users can't initiate transactions or withdraw funds from your account without verifying the login code. We recommend setting it up through your web browser rather than the PayPal app – we’ve tried both methods and using a computer is easier.
6. X (formerly Twitter) – prevent spam posts
Staying on top of your X security details will stop hackers from
accessing your private messages or posting malicious links under a false identity. If your account is found to be sharing problematic content, it could get banned permanently.
When you turn on 2FA, instead of just entering a password to log in, you'll also need to enter a code or use a security key. Part of the setup process requires an email address so X support can communicate with you if there's a problem.
7. Amazon – block fraudulent orders
Take a couple of minutes to protect against hackers looking to place orders through your account without permission.
You can secure your Amazon account using one of two methods. The first simply involves adding your phone number to the authenticator tool – that number will then receive a text message with a code every time you want to log in.
Alternatively, you can use an authenticator app such as Google Authenticator. If you go that route, your authenticator app will generate a time-sensitive code that you enter on the Amazon app. Regardless of which method you choose, you can be confident knowing you've added a layer of security to your account.
Try a Which? Best Buy antivirus
With a Which? recommended antivirus software package protecting your device, your data is safe.
To find the best options, we subject antivirus programs to tens of thousands of threats, including viruses, ransomware and phishing attacks designed to steal your data. The test is repeated four times a year and the scores we publish are based on a full year of testing.
The best free antivirus we've tested The best paid-for antivirus we've tested Explore the results of our rigorous security tests – see our expert pick of theJoin Which? Tech Support
Which? Tech Support can help you keep on top of your home tech. Our experts explain things clearly, so you can resolve issues and feel more confident using your devices.
Get unlimited 1-2-1 expert support:
by phoneby email by remote fix in print Which? TechJoin .source https://www.which.co.uk/news/article/smartphone-apps-you-need-to-secure-right-away-aP4pa4b8GYSo