Setting Up Two-Factor Authentication: A Beginner's Guide
Two-factor authentication is one of the most powerful free tools available to protect your accounts. This beginner-friendly guide walks you through setting it up on every platform that matters.
SafeHers Team
SafeHers Digital Safety Unit
If someone gets hold of your password — whether through a data breach, phishing, or shoulder surfing — two-factor authentication (2FA) is the last line of defence standing between them and your account. It is free, it takes less than five minutes to set up, and security researchers consistently identify it as one of the highest-impact individual security improvements you can make.
This guide explains what 2FA is, the different types available, and exactly how to enable it on the accounts that matter most.
What Is Two-Factor Authentication?
Authentication answers the question: "Are you really who you say you are?" Traditionally this is done with a password — something you know. Two-factor authentication adds a second layer: something you have (your phone) or something you are (your fingerprint).
Even if an attacker has your password, without the second factor they cannot log in. It is that simple, and that powerful.
Types of Two-Factor Authentication
Not all 2FA is equally secure. Here they are ranked from weakest to strongest:
1. SMS OTP (weakest, but far better than nothing)
A one-time code is sent to your phone by text message. The weakness is SIM swap attacks (see our mobile money fraud article). However, SMS 2FA is still significantly better than no 2FA.
2. Email OTP
A code is sent to your email. Only as secure as your email account — make sure your email itself has 2FA enabled first.
3. Authenticator App (recommended)
An app on your phone generates a new 6-digit code every 30 seconds based on a secret key. Even if an attacker intercepts your network, they cannot capture useful codes. Popular apps: Google Authenticator, Authy, Microsoft Authenticator.
4. Hardware Security Key (strongest)
A physical USB or NFC key that you plug in or tap to authenticate. Virtually impossible to phish remotely. Best for high-value accounts. Example: YubiKey.
Our recommendation for most people: start with an authenticator app. Install Authy (it supports backups) or Google Authenticator.
How to Enable 2FA on Key Accounts
Google / Gmail
- Go to myaccount.google.com
- Select Security > 2-Step Verification
- Click "Get Started" and follow the prompts
- Choose "Authenticator App" when given options
- Scan the QR code with your authenticator app
- Enter the 6-digit code to confirm
Save your backup codes in a secure location offline.
- Open WhatsApp > Settings > Account > Two-Step Verification
- Tap "Enable" and create a 6-digit PIN
- Add a recovery email address
- Confirm your PIN
- Go to your profile > Menu (three lines) > Settings > Security
- Tap "Two-Factor Authentication" > "Get Started"
- Choose "Authentication App" for best security
- Settings > Security and Login > Two-Factor Authentication
- Click "Edit" and choose your preferred method
- Follow the setup prompts
Mobile Banking Apps
Check your bank's app settings under "Security" or "Profile". Most major African banks now support OTP-based 2FA for transactions. Enable it and register your primary phone number.
What to Do When You Get a New Phone
This is where many people lose access to their accounts. Before switching devices:
- Transfer your authenticator app codes (Authy has a built-in transfer feature; Google Authenticator now supports export).
- Note your backup codes for all accounts — store them offline.
- Deactivate your old device's authentication before factory resetting it.
The Golden Rule
If you only do one thing after reading this: enable 2FA on your primary email account. Your email is the master key to almost every other account you have. If someone controls your email, they can reset every other password. Protect it first.
Published by SafeHers. Cybersecurity basics are covered in our Online Safety curriculum module. Contact us to arrange training for your organisation.
Stay informed
Get safety knowledge in your inbox
Join the SafeHers newsletter for practical guides, new resources, and updates on our programmes across Africa.
Related Articles