How to turn on two-factor authentication for your reddit account

Two-factor authentication is a way to add an extra level of security when you log in to your Reddit account. First, you log in with your Reddit username and password. (That’s one factor.) Then, instead of being logged in right away, you’ll be asked for an additional 6-digit authentication code generated from an app on your phone or device. (That’s the second factor.)

This two-factor authentication is only used when you log in to Reddit account with a password. If you use your Google account or Apple ID to log in, you’ll need to set up two-factor authentication through them.

Currently, you can only enable two-factor authentication by logging into Reddit on your computer’s web browser .

Once you’re logged in, follow these steps:

New Reddit

  1. Click on your username in the top right of your screen.
  2. Select User Settings and click on the Privacy & Security tab.
  3. Under Advanced Security, you’ll see the Use two-factor authentication control. To enable it, click the toggle to on .
  4. Next, enter your password and click Confirm.
  5. Follow the step-by-step instructions to set up your authentication and don’t forget to save your backup codes .
  6. After setup, you may be asked to log out and log back in to your account. Moving forward, you’ll need to enter a 6-digit code from your authenticator app every time you log in to Reddit.

Old Reddit

  1. Click preferences in the top right of your screen.
  2. Go to the password/email tab.
  3. Under two-factor authentication, select click to enable.
  4. Enter your password then click next.
  5. Follow the step-by-step instructions to set up your authentication and don’t forget to save your backup codes .
  6. After setup, you may be asked to log out and log back in to your account. Moving forward, you’ll need to enter a 6-digit code from your authenticator app every time you log in to Reddit.

Because two-factor authentication is set up using an app on your mobile phone, if you get a new phone you’ll need to disable your current two-factor authentication then set it up again on your new phone. If you somehow lose your phone or access to the authentication app you used to set things up, you can also use your backup codes to log in to your account.

If you have more questions that aren’t covered in these FAQs, check out r/help . Someone may have had the same question, or you can ask a new one and a Reddit administrator or one of your fellow redditors will help you out.

How to turn on two-factor authentication for your reddit account

With Cybersecurity becoming a big concern, two-factor authentication (2FA) is a topic that is becoming hotter with each passing day.

After all, who doesn’t want to keep their private data safe? Two-factor authentication may not be a bulletproof solution but is one of the easiest and best ways to shore up your virtual security.

Treat 2-factor authentication as a supplement to strong passwords, not as a replacement.

Two-factor authentication adds another security layer to the login process, reducing the chances of your account getting hacked. Just knowing and entering your password is not enough since there is a second layer which is usually time sensitive. This makes the process a whole lot more secure.

Here are some facts you would want to know before you enable two-factor authentication:

Four out of five data breaches could be avoided by using 2FA

Cyber threats are on a rise and 2-factor authentication actually helps to counter them.

Majority of the hacking-related breaches take place due to weak or stolen passwords. Since many users tend to use the same password everywhere, the risk grows ten fold. Clearly, something more than just passwords are needed.

According to a Verizon’s Data Breach Report, 80% of data breaches could be eliminated by the use of two-factor authentication.

2FA makes sure that even if your password gets compromised, the hacker has to crack another security layer before they can access your account. And since most of the 2FA methods are time-dependent, it makes the hacker’s job so much more difficult.

No wonder all the major websites and banks provide an option to enable 2-factor security.

Two-factor authentication is not a replacement for strong passwords

Weak and repeated passwords are a bane to Cyber security. No matter which account or service you’re using, it’s always best to set a unique complex password.

Using repeated passwords all over the Internet makes us vulnerable to massive impacts even if one site’s security gets breached. In such a case, all our accounts can be at the attacker’s disposal.

Even if you enable two-factor authentication, strong passwords are a must. As mentioned earlier, treat 2FA as a supplement to strong passwords, not as a replacement.

Always use a complex combination of letters, numbers, and special symbols to generate a strong and unique password for each service you use. You can also use a service like LastPass to easily manage your passwords.

Facebook is one of the leading companies supporting two-factor authentication.

There are two ways you can get the passcodes

You can generate the passcodes for 2FA in multiple ways. Codes can be generated on the server and then sent to you via Email, SMS or phone call. This usually requires network connectivity for your mobile and thus can leave you prone to inaccessible accounts in remote areas.

The other option is to generate the passcode offline on your phone or a hardware device. You can easily generate 2FA passcodes on your phone via apps like Google Authenticator, Authy or TOTP Authenticator. There are also hardware devices like YubiKey available in the market for setting up two-factor authentication.

This method is more robust as no data connectivity is required, leaving you less prone to network phishing.

In some cases, the second step can also be biometric verification or entering a PIN you set by yourself earlier.

Always back up. You don’t want to be locked out of your account

2FA works on the premise that you always have access to the secondary passcode. But in case you use a 2-factor authentication app and you lose your phone or your data gets wiped out, you can be locked out of your account.

To avoid such a scenario, some websites provide backup codes which you must save securely and can use in such situations. Alternatively, you can use an authentication app which provides the option to back up your security key and related data.

We developed the TOTP Authentication app for iOS and Android keeping this in mind. The app allows you to back up your security key and related information either to your device or to online storage options such as Google Drive in a hassle free way. The encrypted backup file can be set up on another device with just a couple of taps. You can download the app from iTunes store from here, and from Google Play Store from here.


Two-factor authentication is slowly becoming a norm in the digital world. Most of the banks, cloud storage services and social media websites already provide the option. You should switch on 2FA wherever possible. As they say, prevention is better than cure.

Have any questions about 2FA authentication? Shoot them in the comments!

To know more about 2-factor authentication you can also check out this article.

If this article was helpful, tweet it.

Learn to code for free. freeCodeCamp's open source curriculum has helped more than 40,000 people get jobs as developers. Get started

freeCodeCamp is a donor-supported tax-exempt 501(c)(3) nonprofit organization (United States Federal Tax Identification Number: 82-0779546)

Our mission: to help people learn to code for free. We accomplish this by creating thousands of videos, articles, and interactive coding lessons – all freely available to the public. We also have thousands of freeCodeCamp study groups around the world.

Donations to freeCodeCamp go toward our education initiatives and help pay for servers, services, and staff.

I was wondering, for those who travel a lot and have two factor auth enabled, how do you deal with it? I, for example, am in Australia and obviously I can receive SMS codes just fine here. But when I am outside Australia, what am I going to do? This concerns me quite a lot because I dont want to turn off my two factor auth.

I read somewhere that you can use google auth app, but is this compatible with EVERYTHING?

Hope to get some solutions. Thanks all

Firstly, SMS-based 2FA is a dumb, flawed technology and anyone who works in IT that recommends it should be banned from the technology sector for life.

However, I'm aware that some awful, medieval banks only offer SMS-based 2FA.

And that's why most of us have a SIM that works anywhere.

I'm British and have a simple GiffGaff Pay As you Go SIM.

It works anywhere in the world and just requires something like £10 every six months.

I didn't even know SIM's that don't receive worldwide was a thing? My UK sims (mainly EE) have always received everywhere across Asia, Middle East, Europe. It's also Pay as you Go, no top-up required.

Yeh, and some medieval apps like Uber. At least now AirBnb seems to offer to send the code to an email 🙂

And have you tested your sim everywhere in the world? Is that what "GiffGaff" claims? Reading similar posts from a while ago, there were definitely reports of local sims just not working in certain locations, so it's kind of hard to know.

Firstly, SMS-based 2FA is a dumb, flawed technology and anyone who works in IT that recommends it should be banned from the technology sector for life.

But it's better than no 2FA at all.

I have a Google voice number that I can access regardless of SIM card (as long as I have internet) that I do all my two factor auth with.

Same. Skype used to work for this too. I'm worried about changes to Google voice interrupting our ability to use 2FA though

You must have an existing US-based mobile or landline phone number to qualify.

For Google voice, that is. Also some people report not receiving codes via GV while others seem to get them all, so it might not be 100%.

I put my Aussie sim card in my phone; do my banking (or whatever); then swap the local one back in. Make sure you turn off Roaming / Mobile Data first.

That’s never cost me a cent, though it requires me to keep my Aussie phone number connected (which I would do anyway – it’s been my work and business number for 20 years!).

Just buy a cheap phone so you don’t have to keep switching sims. I bought an old Motorola for £10 in the U.K. and only use it to see who’s tried to call me and for texts.

So if i have an Aussie sim overseas, its free to receive verification text?? Cause i’m on one of those long term Optus plans but i’ve never plugged my sim in overseas.

That's good to hear – I've been living in Aus 7 years and now planning to travel permanently – although a Brit, I have an Aussie bank acc and MyGov which I need for digital certificates etc. My head has been boiling the last few months with different sites and authenticator apps and what happens if you lose your phone and need to re load apps – I think they're device specific? Plus people have been saying use Hushed, Google Voice etc which only give numbers from certain countries. Or use Last Pass as an authenticator etc etc – I've come to the conclusion that I will ask bank for a hardware code key or just keep my phone number active and receive SMS 2FA. So you turn on roaming to ensure you can use your Aus SIM then turn it off? Do you know how long a SIM card lasts? Do they ever expire? I've also heard best to access sensitive apps/sites via mobile data as it's encrypted unlike public WiFi? Cheers

With 2-Step Verification (also known as two-factor authentication), you add an extra layer of security to your account in case your password is stolen. After you set up 2-Step Verification, you’ll sign in to your account in two steps using:

  • Something you know, like your password
  • Something you have, like your phone

Turn on 2-Step Verification

  1. Open your Google Account.
  2. In the navigation panel, select Security.
  3. Under “Signing in to Google,” select 2-Step VerificationGet started.
  4. Follow the on-screen steps.

Your account, [email protected], is associated with your work or school. If you can’t set up 2-Step Verification, contact your administrator.

Verify it’s you with a second step

After you turn on 2-Step Verification, you’ll need to complete a second step to verify it’s you when you sign in. To help protect your account, Google will request that you complete a specific second step.

Use Google prompts

We recommend you sign in with Google prompts. It’s easier to tap a prompt than enter a verification code. Prompts can also help protect against SIM swap and other phone number-based hacks.

Google prompts are push notifications you’ll receive on:

  • Android phones that are signed in to your Google Account
  • iPhones with the Smart Lock app , the Gmail app , or Google app signed in to your Google Account

Based on the device and location info in the notification, you can:

  • Allow the sign in if you requested it by tapping Yes
  • Block the sign-in if you didn’t request it by tapping No

For added security, Google may ask you for your PIN or other confirmation.

Use other verification methods

You can set up other verification methods in case you:

  • Want increased protection against phishing
  • Can’t get Google prompts
  • Lose your phone

Use security keys to increase phishing protection

A physical security key is a small device that you can buy to help prove it’s you signing in. When we need to make sure it’s you, you can simply connect the key to your phone, tablet, or computer. Order your security keys.

You may also be able to use the security key built in to a compatible phone to sign in to new devices.

Tip: Security keys help protect your Google Account from phishing attacks, when a hacker tries to trick you into giving them your password or other personal information. Learn more about phishing attacks.

Use Google Authenticator or other verification code apps

You can set up Google Authenticator or another app that creates one-time verification codes when you don’t have an internet connection or mobile service.

Enter the verification code on the sign-in screen to help verify it’s you.

Two-Factor Authentication (2FA) is a great security tool, and we always recommend it. Most apps make it pretty easy to turn on 2FA, and Reddit is no exception. Here’s how to enable it and make yourself safer online.

Most 2FA implementations allow you to get 2FA codes sent to you either by SMS or generated by an authenticator app. Reddit only uses authenticator apps (which are much more secure than using SMS), so you’ll need to have one like Google Authenticator (Android, iPhone/iPad), Microsoft Authenticator, or Authy installed on your phone before you can get 2FA set up for Reddit. We like Authy, but the Microsoft and Google authenticators are great too.

To turn 2FA on, you’ll need to log in to your Reddit account from your computer and then click the arrow next to your username. From there, select the “User Settings” button.

Choose the “Privacy & Security” tab.

Scroll down to the “Advanced Security” section and then click the toggle next to “Use Two-Factor Authentication.”

This will open up a new panel where you have to enter your Reddit account password again to make sure it’s you turning 2FA on.

Enter your password and click the “Confirm” button. A QR code will be displayed. Open the authenticator app on your phone and add a new account. Scan the QR code as requested by your authenticator app, enter the 2FA code your app generates into Reddit, and click the “Complete Setup” button.

Your Reddit account is set up with 2FA. Make sure you take a copy of your backup codes stored safely offline in case you lose your phone!

Two-factor authentication helps prevent others from accessing your Apple ID account, even if they know your Apple ID password. Two-factor authentication for Apple ID is built into iOS 9, iPadOS 13, OS X 10.11, or later.

Certain features in iOS, iPadOS, and macOS require the security of two-factor authentication, which is designed to protect your information. If you create a new Apple ID on a device with iOS 13.4, iPadOS 13.4, macOS 10.15.4, or later, your account automatically uses two-factor authentication. If you previously created an Apple ID account without two-factor authentication, you can turn on its extra layer of security at any time.

Note: Certain account types may be ineligible for two-factor authentication at the discretion of Apple. Two-factor authentication isn’t available in all countries or regions. See the Apple Support article Availability of two-factor authentication for Apple ID.

For information about how two-factor authentication works, see the Apple Support article Two-factor authentication for Apple ID.

Turn on two-factor authentication

If your Apple ID account isn’t already using two-factor authentication, go to Settings > [your name] > Password & Security.

Tap Turn On Two-Factor Authentication, then tap Continue.

Enter a trusted phone number, a phone number where you want to receive verification codes for two-factor authentication (it can be the number for your iPhone).

You can choose to receive the codes by text message or automated phone call.

Enter the verification code sent to your trusted phone number.

To send or resend a verification code, tap “Didn’t get a verification code?”

You won’t be asked for a verification code again on your iPhone unless you sign out completely, erase your iPhone, sign in to your Apple ID account page in a web browser, or need to change your Apple ID password for security reasons.

After you turn on two-factor authentication, you have a two-week period during which you can turn it off. After that period, you can’t turn off two-factor authentication. To turn it off, open your confirmation email and click the link to return to your previous security settings. Keep in mind that turning off two-factor authentication makes your account less secure and means you can’t use features that require a higher level of security.

Note: If you use two-step verification and upgrade to iOS 13 or later, your account might be migrated to use two-factor authentication. See the Apple Support article Two-step verification for Apple ID.

Add another device as a trusted device

A trusted device is one that can be used to verify your identity by displaying a verification code from Apple when you sign in on a different device or browser. A trusted device must meet these minimum system requirements: iOS 9, iPadOS 13, or OS X 10.11.

After you turn on two-factor authentication on one device, sign in with the same Apple ID on another device.

When you’re asked to enter a six-digit verification code, do one of the following:

Obtain the verification code on your iPhone or another trusted device that’s connected to the internet: Look for a notification on that device, then tap or click Allow to make the code appear on that device. (A trusted device is an iPhone, iPad, iPod touch, or Mac on which you’ve already turned on two-factor authentication and on which you’re signed in with your Apple ID.)

Obtain the verification at a trusted phone number: If a trusted device isn’t available, tap “Didn’t get a verification code?” then choose a phone number.

Obtain the verification code on a trusted device that’s offline: On a trusted iPhone, iPad, or iPod touch, go to Settings > [your name] > Password & Security, then tap Get Verification Code. On a trusted Mac with macOS 10.15 or later, choose Apple menu > System Preferences > Apple ID > Password & Security, then click Get Verification Code. On a trusted Mac with macOS 10.14 and earlier, choose Apple menu > System Preferences > iCloud > Account Details > Security, then click Get Verification Code.

Enter the verification code on the new device.

You won’t be asked for a verification code again unless you sign out completely, erase your device, sign in to your Apple ID account page in a web browser, or need to change your Apple ID password for security reasons.

Add or remove a trusted phone number

When you enrolled in two-factor authentication, you had to verify one trusted phone number. You should also consider adding other phone numbers you can access, such as a home phone, or a number used by a family member or close friend.

Go to Settings > [your name] > Password & Security.

Tap Edit (above the list of trusted phone numbers), then do one of the following:

Add a number: Tap Add a Trusted Phone Number.

Remove a number: Tap next to the phone number.

Trusted phone numbers don’t automatically receive verification codes. If you can’t access any trusted devices when setting up a new device for two-factor authentication, tap “Didn’t get a verification code?” on the new device, then choose one of your trusted phone numbers to receive the verification code.

View or remove trusted devices

Go to Settings > [your name].

A list of the devices associated with your Apple ID appears near the bottom of the screen.

To see if a listed device is trusted, tap it, then look for “This device is trusted and can receive Apple ID verification codes.”

To remove a device, tap it, then tap Remove from Account.

Removing a trusted device ensures that it can no longer display verification codes and that access to iCloud (and other Apple services on the device) is blocked until you sign in again with two-factor authentication.

Generate a password for an app that signs in to your Apple ID account

With two-factor authentication, you need an app-specific password to sign in to your Apple ID account from a third-party app or service—such as an email, contacts, or calendar app. After you generate the app-specific password, use it to sign in to your Apple ID account from the app and access the information you store in iCloud.

Tap Generate Password (below App-Specific Passwords).

Follow the onscreen instructions.

After you generate your app-specific password, enter or paste it into the password field of the app as you would normally.

For more information, see the Apple Support article Using app-specific passwords.

In May, Google announced plans to enable two-factor authentication (or two-step verification as it’s referring to the setup) by default to enable more security for many accounts. Now it’s Cybersecurity Awareness Month, and Google is once again reminding us of that plan, saying in a blog post that it will enable two-factor for 150 million more accounts by the end of this year.

In 2018, Google said that only 10 percent of its active accounts were using two-factor authentication. It has been pushing, prodding, and encouraging people to enable the setting ever since. Another prong of the effort will require more than 2 million YouTube creators to turn on two-factor authentication to protect their channels from takeover. Google says it has partnered with organizations to give away more than 10,000 hardware security keys every year. Its push for two-factor has made the technology readily available on your phone whether you use Android or iPhone.

A tool that also helps users keep their accounts secure is using a password manager, and Google now says that it checks over a billion passwords a day via its built-in manager for Chrome, Android, and the Google app. The password manager is also available on iOS, where Chrome can autofill logins for other apps. Google says that soon it will help you generate passwords for other apps, making things even more straightforward. Also coming soon is the ability to see all of your saved passwords directly from the Google app menu.

Last but not least, Google is highlighting its Inactive Account Manager. This is a set of decisions to make about what happens to your account if you decide to stop using it or are no longer around and able to make those decisions.

Google Inactive Account Manager Image: Google

Google added the feature in 2013 so that you can set a timeout period for your account between three and 18 months of disuse before the Inactive Account Manager protocols take effect. Just in case you only switched accounts or forgot about your login, Google will send an email a month before the limit is up. At that point, you can choose to have your information deleted or have it forwarded to whatever trusted contacts you want to have handling things on your behalf. Google’s blog post notes that an inactive account led to the massive Colonial Pipeline attack earlier this year, and just for security’s sake, you probably don’t want your digital life simply hanging around unused for whatever hackers are bored in the future.

Hello everyone, a while back I posted here just to get people thinking about their security online and how to best protect their Microsoft (Xbox) accounts. I just thought I may as well just put another reminder on here for those who could maybe do with buffing their account security in an attempt to minimise the chances of accounts being hacked or compromised. There would be nothing worse than this, especially if the account is an important email you use, not to mention the money and time investment we all put in to the games we have on our accounts. First i would like to direct you to the link below showing just how effective 2FA is at protecting your account, stopping 99.9% of account hacks:

What Microsoft offers in terms of security is excellent so i suggest you use it. to activate 2FA on your account follow the instructions here:

Basically, 2FA adds an additional lair of security to your account. Now, when you sign in you will need your email, username and a 6-8 digit code sent to either your phone, email, or authentication app (see point 2 below) to be successful. This means that even if some malicious person stole your login details from another breached site it would not be enough for them to take control of your account which is great! Most people shy away from 2FA because they cant be bothered with the 10 second nuisance of putting in a code every time you login. Well the good news is that once you set it up and login to your Xbox for the first time you will have to put in the code only once, it will then become a trusted device and you will now sign in as normal from n ow on as if nothing has changed.

Just because it is possible, I would also recommend setting up 2 backup methods just in case for whatever reason you are locked out your account, this can be done in security settings and you can add an email or a phone number. Its just another way to prove you own the account if you ever need it which you hopefully never will.

Also, in Microsoft security settings you can also find the "recent activity" tab. This shows you all the logins that your account has had in the past 30 days. It also shows you the IP address, location and "activity" that was carried out. Just have a quick check here and make sure its all you. If its not, simply change your password and report it as suspicious activity (there's a button for this).

Bonus points: 1) make sure you use a strong and unique password for your account, not something that can be easily guessed, personally I would aim for 16+ characters with symbols etc. By unique I mean using a password that does not get used or exists anywhere else. What happens if you use the same password and email for multiple things? Well, some site you may have signed up to years ago gets breached and all the users info is stolen including emails and passwords, wont take long before some criminal tries these credentials elsewhere to see if the user uses the same login info everywhere. Why would they do this? because certain accounts can provide more sensitive info which could be used to target bank accounts, and some accounts (for example social media handles or gaming accounts) can be sold for cash, or maybe to steal the digital games you own. I cannot reinforce this point enough: DO NOT USE THE SAME PASSWORD ACROSS VARIOUS SITES.

2) Use a 2FA app rather than mobile if you can. Mobile SIM cards can be swapped or cloned and codes could even be intercepted. I know this me be bordering on paranoia for some but there are cases of it happening. Although this would most likely be a very targeted attack on an individual you never know these days with the rate at which technology advances and I would say its always good to stay ahead of the curve. I recommend the app called Authy I use it for all my 2FA. Microsoft has its own app called Microsoft authenticator and it does the exact same thing. Instead of getting a code to your phone you get an instant one that changes every 30 secs from your app.

3) If you have credit/debit cards saved on your account that are not used for subscriptions, remove them. Better safe than sorry. The only subscription I have is Xbox live that I purchase yearly so i just add my card then buy it then remove my card again right away.

4) you can use to search for your email address and it will tell you if it has been leaked in any breaches, if it has just change its password. you can also search this same site to see if your password has appeared in any leaks.

Lastly, the reason I decided to post on here about such a thing is because every so often I see posts with people who have lost access to their accounts or have had their accounts hacked and it kills me. My brother had a PS4 account with more than £1000 of digital content hacked and it was just awful spending months to recover it. You may get the money back but the time many of us spend levelling up characters or having fun is something which is priceless and we cant claim back.

Anyways, I hope I have at least encouraged a few people to activate 2FA and give their account security a once over to keep it up to date. The majority of us will probably never need to worry about being hacked, but if you use the above tips, 99% of criminals wouldn't even bother trying.

We know how much your account means to you, and we want to help you keep it safe from unsavoury characters out there on the internet. That�s why we�ve launched the new RuneScape Authenticator.

Free and available to all RuneScape players, in the main game and on Old School, the RuneScape Authenticator is the new way to protect your account, giving it an additional layer of protection against unauthorised access.

So, how does it work?

Once it�s set up, the Authenticator uses a code generator app – such as Google Authenticator for Android, iOS, and Blackberry phones, or Microsoft Authenticator for Windows PCs and phones – to generate a six-digit code.

You will then need to enter this code, when prompted, as a second step each time you log in on a new PC.

Then, you can set your account to remember your computer for 30 days, if you wish.

The RuneScape Authenticator is ready and waiting to help you protect your account, so what are you waiting for? Get protected in just two minutes!

Please come to the forums to discuss the update.

Have a read of the FAQ here.

The RuneScape Team

Use of this website is subject to our Terms & Conditions and Privacy Policy