How to enable two-factor authentication on Google

The short answer

Go to your Google Account settings, open Security, and turn on 2-Step Verification — it takes about two minutes.

What is two-step verification?

Two-step verification (Google’s name for 2FA) adds an extra layer of protection to your account. Even if someone steals your password, they still need a second form of verification to sign in.

How to enable it on a computer

  • Go to myaccount.google.com
  • Click Security in the left sidebar
  • Under “How you sign in to Google,” click 2-Step Verification
  • Click Get Started and sign in if prompted
  • Choose a verification method (Google will suggest phone prompts by default)
  • Follow the prompts to complete setup

How to enable it on a phone

  • Open the Google app or go to myaccount.google.com in your browser
  • Tap your profile picture, then Google Account
  • Go to the Security tab
  • Tap 2-Step Verification and then Get Started
  • Follow the steps to choose your verification method

Verification methods you can choose

  • Google prompts — a tap-to-approve notification on your phone (easiest option)
  • Authenticator app — use Google Authenticator or a similar app to generate codes
  • Text message or call — receive a code via SMS or phone call
  • Security key — a physical USB or Bluetooth device (most secure option)

You can set up multiple methods as backups in case one is unavailable.

Things to know

  • Save your backup codes — Google gives you a set of one-time codes during setup. Store them somewhere safe in case you lose access to your phone
  • App passwords may be needed — some older apps that do not support 2FA will need a special app password, which you can generate in your security settings
  • You can turn it off later if needed, but it is strongly recommended to keep it on

What if you get locked out?

If you lose access to your verification method:

  • Use one of your backup codes
  • Try another verification method you previously set up
  • Go through Google’s account recovery process at accounts.google.com/signin/recovery

To avoid lockouts, always set up at least two verification methods and keep your backup codes in a safe place.