Contact Us

Edit Template

How to turn on 2-step verification for your email account

Helpful Guide

Your email account is one of the most important accounts you own. If somebody gets into it, they may be able to reset passwords for other services, read private messages, or use your account to trick family members.

The good news is that most major email providers now offer an extra sign-in check called 2-step verification, sometimes called 2FA or two-factor authentication. It adds a second safety step after your password, which makes it much harder for somebody else to break in.

The simple version: keep your normal password, then add one more check such as a prompt on your phone, a code from an app, or a trusted device. It only takes a few minutes to set up and gives your email account much better protection.

This guide explains what 2-step verification means, which second-step options are usually safest, and how to switch it on for Gmail, Outlook, and Apple email accounts.

Why it is worth doing

The UK National Cyber Security Centre says turning on 2-step verification is one of the most effective ways to protect important online accounts. It helps even if your password is strong, because a criminal would still need the second step as well.

That matters because passwords can be stolen in data breaches or through scam emails and fake sign-in pages. Adding a second check gives you another line of defence.

Important: 2-step verification helps protect you after a password leak, but it does not mean you should ever read out verification codes to somebody on the phone. Real providers do not need you to hand over a code so they can “check” your account.

What counts as the second step?

Different companies use different methods. The extra step might be:

  • A prompt on your phone asking if it is really you.
  • A code from an authenticator app.
  • A text message or phone call with a code.
  • A trusted device that can show a verification code.
  • A passkey or security key on some accounts.

Whenever you have a choice, a prompt, authenticator app, trusted device, or passkey is usually better than text messages alone. Google says prompts are easier and can help protect against phone-number hijacking, while Microsoft has started phasing out SMS for personal accounts.

Before you turn it on

Take two minutes to get ready first. It makes the setup much smoother.

  1. Check you can sign in normally with your password before changing anything.
  2. Have your phone or trusted device nearby.
  3. Make sure your current phone number is correct if the service uses one.
  4. Write down or print any backup codes and keep them somewhere safe, not in plain sight.
  5. Use a device you own and do not share when choosing any “trust this device” option.

Good habit: if you change your mobile number or replace your phone, update your account security settings before you stop using the old one. That can save a lot of stress later.

How to turn it on for Gmail or a Google account

Google says you can turn on 2-Step Verification from your Google Account settings.

  1. Open your Google Account.
  2. Select Security & sign-in.
  3. Under How you sign in to Google, choose Turn on 2-Step Verification.
  4. Follow the on-screen steps.

Google recommends using Google prompts where possible. If you prefer, you can also set up an authenticator app or backup codes. Google warns never to share verification codes with anyone, and says backup codes should be kept somewhere safe.

If you want an easier way to manage passwords alongside this, our guide on storing passwords safely with a password manager may help.

How to turn it on for Outlook or a Microsoft account

For Outlook.com email, the setting sits under your wider Microsoft account security options.

  1. Sign in at account.microsoft.com/security.
  2. Select Manage how I sign in.
  3. Under Additional security and Two-step verification, choose Turn on.
  4. Follow the instructions shown on the screen.

Microsoft says two-step verification uses your password plus a separate contact method or security detail. It also warns that if you turn it on, you should have more than one recovery method available. Microsoft specifically recommends having three pieces of security info linked to the account if possible, because recovery can otherwise take time.

Do not skip recovery planning: Microsoft says losing your contact method can leave you waiting up to 30 days to regain access. Add extra security info while you are calm, not after a problem starts.

How to turn it on for Apple Mail or iCloud email

If you use iCloud email, the setting is part of your Apple Account security.

  1. On iPhone or iPad, open Settings. On a Mac, open System Settings.
  2. Choose [your name], then Sign-In & Security.
  3. Turn on two-factor authentication and follow the on-screen steps.

Apple says most accounts already use two-factor authentication, but if yours does not, you can also turn it on through account.apple.com. Apple uses trusted devices and trusted phone numbers to help verify that it is really you.

Apple also recommends protecting the device itself with a passcode and Face ID, Touch ID, or a Mac login password where available.

Which second-step option should you choose?

If the service gives you a few choices, this order is a sensible place to start:

  1. Trusted prompt, authenticator app, or trusted device for everyday use.
  2. Backup codes kept offline in case your phone is unavailable.
  3. Text message or phone call only if that is the option you are most likely to use reliably.

The safest setup is usually the one you will actually keep working. A strong method that you never finish setting up is less helpful than a simple method you use properly.

What not to do

  • Do not share verification codes, even if a caller sounds professional or urgent.
  • Do not approve a sign-in prompt unless you started that sign-in yourself.
  • Do not rely on one old phone number forever. Keep your details current.
  • Do not trust a link in a surprise email that asks you to “secure your account”. Open the real account settings yourself instead.

If you are unsure whether a message is real, our guide on checking whether a text or email is real before you reply explains the calmer way to stop and verify.

If you lose your phone or change your number

This is where a little preparation really helps. Google offers backup codes, Microsoft advises storing several forms of security information, and Apple lets you manage trusted phone numbers and devices.

If you still have access to your account today, this is a good moment to:

  • Add a backup option if the service allows one.
  • Check the trusted phone number is current.
  • Save backup codes in a safe place.
  • Remove old devices you no longer use.

Apple notes that account recovery can take a few days or longer if you lose access to your trusted devices and trusted phone numbers, so it is worth checking these now rather than later.

When one-to-one help is useful

Turning on 2-step verification is straightforward once the right screen is in front of you, but it can feel fiddly if you are switching between a phone, tablet, and laptop or if the wording is unfamiliar.

Simply Tech Support can help you set up email security step by step, check recovery details, update trusted phone numbers, and make sure you know which prompts to trust and which ones to ignore. You can see the Simply Tech Support services page if you would like patient practical help at home.

Sources

Previous Post
Next Post

Home visits across Warwickshire & the West Midlands

About Us

About Us

Copyright Notice

Payment Methods

Information

Contact Info

© 2026 SIMPLY TECH SUPPORT

Privacy and cookies

We use essential cookies and local storage to make this website work, remember your choices and keep enquiry forms secure. Any details you send are used only to respond to your request.

Privacy policy