Secure accounts & enable 2FA

Estimated time: 15–30 mins · Difficulty: Beginner

Last reviewed: 2025-10-28 · Author: Safenet

1. Use Strong, Unique Passwords

Choose passwords that are at least 12 characters long and include a mix of upper and lower case letters, numbers, and symbols. Avoid using personal information (names, birthdays) or common words. Do NOT reuse passwords across multiple accounts.

2. Use a Password Manager

Password managers securely store and manage your passwords. They can generate strong, unique passwords for each account. Popular password managers: 1Password, LastPass, Bitwarden.

3. Enable Two-Factor Authentication (2FA)

2FA adds an extra layer of security by requiring a second verification step:

Steps to Enable 2FA (example: GitHub)

Sign in to your account.
Go to Settings or Security (e.g., GitHub: Settings > Password and authentication).
Find Two-factor authentication and click “Enable”.

Choose your method:

Authentication app (recommended: Authy, Google Authenticator)
SMS (less secure)
Security key (hardware device)

Follow the instructions to set up and verify your 2FA method. Save backup codes in a secure location in case you lose access to your 2FA device.

4. Regularly Update Passwords

Change passwords periodically, especially if you suspect a breach. Immediately update compromised passwords.

5. Review Account Activity

Monitor login history and access logs for suspicious activity.

6. Secure Recovery Methods

Ensure recovery email and phone number are up-to-date and secure. Use strong, unique passwords for your email, as it’s often the key to account recovery.

7. Be Wary of Phishing

Never enter your credentials on suspicious links. Always check the URL before logging in.

8. Summary

Use strong, unique passwords (preferably with a password manager). Enable two-factor authentication on all accounts.

9. Next Steps

Regularly monitor and update your credentials. Be vigilant against phishing and keep recovery options secure.

Step-by-step checklist

Follow these steps in order. Use the checkboxes to track progress and print the page for offline use.

1 — Review and secure your recovery options

Confirm the recovery email and phone number on your account are current and accessible.

2 — Change weak or reused passwords

Use a unique password per account. Prefer a long passphrase or use a password manager to generate and store strong passwords.

3 — Enable two-factor authentication (2FA)

Choose an authenticator app (recommended) or hardware key. Avoid SMS if possible. Save backup/recovery codes securely.

4 — Revoke unknown sessions & connected apps

Sign out of devices you don't recognize, remove untrusted third-party apps, and re-check device activity.

5 — Set up account-specific recovery and backup

Download or securely store backup/ recovery codes for 2FA, and consider a hardware security key for high-value accounts.

6 — Audit account settings and notifications

Turn on security alerts (logins, password changes) and verify devices and trusted apps.

7 — Test login and recovery

Sign out and sign back in to confirm 2FA prompts and recovery codes work as expected.

Notes

Keep backup codes in a secure place (password manager or offline encrypted storage). If you lose 2FA, follow the provider's account recovery process.

Need more help?

If these steps don't resolve your issue, contact support.

Call emergency line Email security@example.org