Do you know that you can avoid being scammed in the virtual world by using two-factor authentication methods and tools?
Being scammed in the virtual world has become a social issue day by day, affecting large masses. Although this situation seems unavoidable, certain precautions have been made mandatory by the individual, institutional and state power, and guides have been published for the use of accounts or the internet in various forms. We will try to explain the situation in the simplest way by focusing on the individual way of staying safe on the internet and two-step verification tools.
Primarily; Anyone who knows your username and password can access any of your social media or email accounts. As a result, you may lose your reputation on social media, be accused of fraud, your confidential information associated with your account may be exposed, and perhaps even your bank accounts may be emptied. To reduce these risks, it is useful to enable Two-Factor Verification.
Two methods are commonly used for two-factor authentication (Two-Factor Authentication / Two-Factor Verification / 2FA).
- In the first method, when logging into your account, you will be asked to enter the short code sent by SMS after your username and password match.
- In the second method, you have to enter the code from a special authorization application.
Google Authenticator Setup
Google Authenticator is an official authentication application developed by Google. Search for the word “Google Authenticator” in the Play Store and install the application. Google Authenticator app also has IOS/iPhone support.
Important Notice: While protecting your account with Google Authenticator, sites offer you backup access codes. Do not forget to save these codes securely.
Enabling two-step verification on social media networks
From the "Settings" page, we come to the "Security and Login" tab. Click the “edit” button opposite the text “Use two-factor authentication” in the “Two-Factor Authentication” field. It asks us to choose a security method. Click the "Use Authentication App" button. For security reasons, it asks us to re-enter our password. If we have entered the password correctly, a small window appears with the QR code in it. We need to scan the QR code with the Google Authenticator app. We scan and add account. Then we press the continue button on the screen that appears. This time, a window titled "Enter Confirmation Code" appears. We enter the code that appears in the Google Authenticator application and press the continue button. When the process is complete, the message “Two-Factor Authentication On” appears on the screen. We press the Done button.
At the end of the process, don't forget to click the "Show Codes" button from the "Recovery Codes" area and download the codes from the window that comes up and don't forget to backup.
Since it is not possible to activate the two-step verification feature on the Instagram website, we install the Instagram application and log in to the application. Go to the profile area in the lower right corner of the application, then the striped menu in the upper right corner of the application., from the pop-up windowSettings > Security > Click the "Two-Factor Authentication" button. A warning page appears that says "Add More Security to Your Account". Click the "Get Started" button at the bottom of the page. We click on the button next to the option “Authentication Application” and activate it. A new page opens that says "Get Code from Google Authenticator". Click the "Next" button at the bottom of the page. We say OK to the “Save key for” prompt. The Google Authenticator page opens. Click the "Add Account" button in the window that opens. Then, without pressing the back button, we open the Instagram application and click the "next" button from the "Enter Access Code" screen. It will ask us to enter the code, we enter the code written in the Google Authenticator application and confirm it.
Returning to the Two-Factor Authentication page, we click on the "Additional Methods" option at the bottom of the page and firmly back up the recovery codes from the "Backup Codes" field.
On the Twitter site, we click on the "More" button on the left, click on the "Settings and privacy > Security and account access > Security > Two-factor authentication" link in the pop-up window and tick the checkbox next to the "Authentication application" in the window that opens. The window titled “Protect your account in just two steps” will open. Click the "Start" button at the bottom of the window. We scan the QR code that appears with Google Authenticator and press the "Add Account" button. Then we go back to the site and click the “next” button. On the "Enter confirmation code" screen, we enter the code that appears on the "Google Authenticator" and click the "Confirm" button. Click OK to the next window.
We click on the "Backup codes" field in the "Additional methods" field at the bottom of the "Two-factor authentication" page and back up the backup codes that appear on the screen.
YouTube
Click on the profile picture in the right corner of the YouTube site and click on the "Settings" menu. Click on the "View or change your Google Account settings" link on the page that opens. Click the “Security” item in the left menu of the window that opens, and then the “off” warning opposite the “Two-step verification” text under the “Google sign-in” text in the window that opens.
On the information screen titled “Protect your account with 2-Step Verification”, we click the “get started” button. At this stage, the password screen will appear to re-login to your Google account. Enter the password and press the "Next" button. We check your phone number under the text "Let's set up your phone" and if the phone number is correct, leave the "Text message" option as it is and click the "Next" button. We enter the code in the form of G -123456, without skipping the G and dashes, and click on the “Next” button. "It worked! Turn on 2-Step Verification?” If the text appears, we click the “Open” button.
The right arrow next to the field that says “Google Authenticator app” from the window that opens after enabling SMS verification, that is > We click on the sign, then the “Setup an authenticator” button and scan the QR code that appears on the screen with the Google Authanticator application. The account will be added when the scanning process is finished. We return to the page and press the “Next” button and enter the code from the Google Authenticator application in the field on the screen.
This change will protect access to all Google apps. You don't need to edit for other Google apps one by one.
We return to the “2-Step Verification” page and click on the “Backup codes” field. We create and back up backup codes by following the instructions.
Click on the profile picture in the upper right corner of the site and click on the "Settings and privacy > Login and security" link. Click the "Change" link next to the "Two-step verification" text at the bottom of the window that opens, then "Two-step verification turned off." Click the "open" link next to the text. Make sure that under the text “Choose your authentication method” it says “Authenticator Application” and click the “Continue” button. It will ask for a password, enter your password and click the “done” button. A new area on the page will open with a QR code. Scan the QR code with the Google Authenticator application, enter the code on the screen into the relevant field on the Linkedin site and click the "Continue" button.
In the "Two-step verification" area at the bottom of the account access page, click the "Recovery codes" link and back up the codes in the window that opens.
Click on the profile picture in the upper right corner of the site, then click on the “User settings > Safety & Privacy” tab. Click on the setting button next to the text “Use two-factor authentication” at the bottom of the pop-up window and activate it. A small warning window will open, click the “Continue” button, enter your password and proceed. Scan the QR code on the incoming window and click the "Complete setup" button. “You're two-factor authenticated!” If you see the text, the process is complete.
Click the "Get your backup codes" link written in very small letters under the "Use two-factor authentication" text at the bottom of the "Safety & Privacy" page and back up the codes in the window that comes up.
Discord
Click on the gear button next to the username in the lower left corner, and on the "Enable Two-Factor Verification" button on the page that opens. Enter the password and press the “Continue” button. Scan the QR code in the window that opens with Google Authenticator, enter the code in the application on the Discord screen and click the "Activate" button.
When you come to My Account page, "Two-Factor Verification" and "View Backup Codes" button will appear. You can click the button, follow the instructions and view the codes. Don't forget to backup the codes you view.
Mastodon
Mastodon Click the "Edit profile > Account > Two-step verification" link under the profile picture in the upper left corner of the website, and click the "Configure" button on the page that comes up. You will be asked to confirm your password. Read the QR code in the window that comes after the verification process with Google Authenticator. Enter the code in the application on the screen and press the “Activate” button. The codes reflected on the screen are backup codes and keep them well.
If you have not backed up the codes, you can renew the codes by clicking the "Generate Recovery Codes" button on the "Two-step verification" page. Don't forget to backup the codes.
Enabling two-step verification on various sites
WordPress.com
Click on the “Two-Step Authentication” field under “Security”. Once you see the “Install using an app” option is enabled, click the “Get started” button. Scan the QR code on the screen with Google Authenticator. Enter the code in the application on the screen and click the “Activate” button. On the screen showing the backup codes, print the codes or download them and save them in a safe place. Then select the "I have printed or saved the codes" option and click the "All Done" button.
WordPress Blog
If you have your own WordPress blog where you can install a plugin, the “SG Security” plugin supports two-step verification. Few more apps include this support. Note that after installing and activating the appropriate plugin, settings related to two-step verification must be edited in the plugin settings. Since this part changes from plugin to plugin, I only refer to it as a name.
e-Government (turkiye.gov.tr)
The "e-Government Key" application, which works integrated with the e-Government application, provides two-step verification support. There are some reported flaws in the application. You may need to stay away if you are going to use it from abroad until SMS verification support comes and time zone related errors are fixed. Unfortunately, the e-Government site does not support 3rd party applications.
amazon.com.tr
The amazon.com.tr site, which we usually need for book shopping, also offers two-step verification support. Click on the profile area in the upper right corner of the site. In the window that opens, click on the "Login and Security" field. If the password screen appears, enter your password and then click the "Edit" button next to the "Advanced Security Settings:" text in the window that opens. Click the "Start" button on the page that opens. In the “Choose the method to receive the code from” window, click on the “Authentication Application” section. Scan the QR code in the drop-down area with the Google Authenticator application and enter the code on the screen and click the "Verify code and continue" button. You can select the option "Request code in this browser" in the new field. Click the “Get it – Enable Two-Step Verification” button.
I couldn't find how to get backup codes for Amazon site. Maybe there isn't any.
Enabling two-step verification for messaging apps
Enter the WhatsApp application, click the three-dot menu in the upper right corner, click "Settings > Account > Two-step verification". Read the warning on the page well and click the “Activate” button. You will then be prompted to set a new 6-digit password. If you forget the key after entering the new password twice, you will be prompted to enter the email address you will use to reset it.
There is no backup code support for WhatsApp. The e-mail address you entered is used for password reset.
Telegram
Log in to the application and click "Settings > Privacy and Security > Two-Step Verification" from the lined menu at the top left. We read the warning in the window that opens and click the "Set Password" button. We are prompted to enter the new password and then verify it. Next, we need to set up the "Recovery Email". We enter our e-mail address and enter the password that comes to our e-mail box on the screen. “Password Set!” When we see the warning message, we click the "Back to Settings" button.
Telegram application does not support backup code. The e-mail address you entered is used for password reset.
Conclusion and Final Warning
I tried to explain how to enable Two-Factor Verification features on the sites and apps I use as much as possible. Make sure to download and securely store backup access codes locally for sites you have enabled Two-Factor Verification.
