How to set up two-factor authentication
Step-by-step instructions for enabling two-factor authentication on your most important accounts — email, your website, and more.
Setting up two-factor authentication (2FA) takes about five minutes per account. You only do it once — and it dramatically reduces the risk of someone breaking into your account even if they have your password.
Quick summary
Two-factor authentication adds a second login check: after your password, you enter a one-time code from your phone. Set it up on your email first — it is the most important account to protect. Then your website, hosting, domain registrar, and financial accounts. The process is similar for every service.
What you'll need
Beginner, 5 minutes per account
- Your phone (to receive or generate codes)
- An authenticator app (recommended) — see Using an authenticator app
- Access to the account you want to secure
The general process for any account
Most services follow the same steps:
- Open your account settings. Look for "Security," "Privacy," or "Account." The exact label varies by service.
- Find the two-factor or multi-factor authentication option. It may be called "2-Step Verification," "MFA," or "Two-Factor Authentication."
- Choose your method. Select "Authenticator app" if available — it is more secure than SMS.
- Scan the QR code. Open your authenticator app, tap the "+" or "Add account" button, and point your phone's camera at the QR code on screen.
- Enter the first code. Your app will show a 6-digit code. Type it in to confirm the connection is working.
- Save your backup codes. The service will give you a set of one-time recovery codes. Save these somewhere safe — in your password manager's secure notes, printed and in a locked drawer, or both.
You're done
2FA is now active. The next time you log in on a new device, you'll be asked for a code from your authenticator app.
Setting up 2FA on specific services
Google 2-Step Verification:
- Go to your Google Account at myaccount.google.com.
- Click Security in the left sidebar.
- Under "How you sign in to Google," click 2-Step Verification.
- Click Get started and follow the prompts.
- Choose Authenticator app and scan the QR code with your app.
- Save the backup codes Google provides.
Google also offers security keys, Google prompts, and backup phone numbers. The authenticator app option is the strongest.
Microsoft multi-factor authentication:
- Go to mysignins.microsoft.com/security-info.
- Click Add sign-in method.
- Choose Authenticator app from the dropdown.
- Follow the prompts to scan the QR code with your authenticator app.
- Enter the test code to verify it is working.
Microsoft also supports hardware security keys and SMS. Your organization's admin may have already required MFA for your account.
WordPress does not include 2FA out of the box — you need a plugin.
We recommend one of these:
- WP 2FA — easy to set up, supports authenticator apps
- Wordfence — if you already use Wordfence for security, it includes 2FA
After installing the plugin:
- Open the plugin's settings.
- Enable two-factor authentication for your user role.
- Follow the setup wizard to connect your authenticator app.
- Save your backup codes.
See also: Securing your WordPress site.
Setting up 2FA on your domain registrar
Your domain registrar is critically important. If someone gains access to your domain registrar, they can redirect your website and email to a server they control. Protect it with 2FA.
Look for security settings in your registrar's account dashboard:
- GoDaddy: Account settings → Login & PIN → 2-step verification
- Namecheap: Profile → Security → Two-Factor Authentication
- Cloudflare: My Profile → Authentication → Two-factor authentication
The steps vary by registrar, but follow the general process above.
What to do if something goes wrong during setup
Don't lock yourself out
Before finishing 2FA setup, always save your backup codes. If your phone is lost, stolen, or replaced, backup codes are how you get back in.
If you get locked out of an account after enabling 2FA:
- Look for a "Use a backup code" link on the login page.
- Check your saved backup codes.
- Use the service's account recovery process (this usually involves verifying your identity by email or phone).
Related guides
- Two-factor authentication, explained
- Using an authenticator app
- Passkeys, explained
- Securing your WordPress site
- Securing your domain name