Enable 2FA: Top 50 Websites
This guide shows you how to enable Two-Factor Authentication (2FA) with TOTP (Time-based One-Time Password) on the most important websites.
Overview
| Category |
Count |
| TOTP supported |
42 |
| SMS/Email 2FA only |
5 |
| No 2FA available |
3 |
84% of top websites support TOTP!
What is TOTP?
TOTP (Time-based One-Time Password) is an algorithm that generates unique 6-digit codes that change every 30 seconds.
Supported Authenticator Apps
- Google Authenticator
- Microsoft Authenticator
- Authy
- 1Password
- Bitwarden
- iKeePass (this app!)
Advantages over SMS-2FA
| Method |
Security |
Offline usable |
SIM-swap safe |
| TOTP App |
High |
Yes |
Yes |
| SMS |
Medium |
No |
No |
| Email |
Medium |
No |
Yes |
Search Engines
| # |
Website |
2FA |
TOTP |
Instructions |
| 1 |
Google |
Yes |
Yes |
Account > Security > 2-Step Verification |
| 2 |
Bing |
Yes |
Yes |
Via Microsoft account |
| 3 |
Yahoo |
Yes |
Yes |
Account Security > 2-Step Verification |
| 4 |
DuckDuckGo |
No |
No |
No account required |
| 5 |
Baidu |
SMS only |
No |
SMS only |
Video & Streaming
| # |
Website |
2FA |
TOTP |
Instructions |
| 6 |
YouTube |
Yes |
Yes |
Via Google account |
| 7 |
Netflix |
No |
No |
Not available |
| 8 |
Twitch |
Yes |
Yes |
Settings > Security > Set up 2FA |
| 9 |
Vimeo |
Yes |
Yes |
Account > Security > 2FA |
| 10 |
Disney+ |
Email only |
No |
Email verification only |
Social Networks
| # |
Website |
2FA |
TOTP |
Instructions |
| 11 |
Facebook |
Yes |
Yes |
Settings > Security > 2FA |
| 12 |
Instagram |
Yes |
Yes |
Settings > Security > 2FA |
| 13 |
X (Twitter) |
Yes |
Yes |
Settings > Security > 2FA > Authenticator App |
| 14 |
LinkedIn |
Yes |
Yes |
Settings > Sign in & Security |
| 15 |
TikTok |
Yes |
Yes |
Settings > Security > 2-Step Verification |
| 16 |
Reddit |
Yes |
Yes |
Settings > Security > 2FA (desktop only) |
| 17 |
Pinterest |
Yes |
Yes |
Settings > Security > 2FA |
| 18 |
Snapchat |
Yes |
Yes |
Settings > 2FA > Authenticator App |
| 19 |
WhatsApp |
PIN-based |
No |
PIN-based, no TOTP |
| 20 |
Telegram |
Password-based |
No |
Password-based, no TOTP |
E-Commerce
| # |
Website |
2FA |
TOTP |
Instructions |
| 21 |
Amazon |
Yes |
Yes |
Account > Login & Security > 2-Step Verification |
| 22 |
eBay |
Yes |
Yes |
Account Settings > 2-Step Verification |
| 23 |
AliExpress |
Yes |
Yes |
Account Settings > Security |
| 24 |
Etsy |
Yes |
Yes |
Account Settings > Security > 2FA |
| 25 |
Shopify |
Yes |
Yes |
Manage Account > Security |
Finance & Payments
| # |
Website |
2FA |
TOTP |
Instructions |
| 26 |
PayPal |
Yes |
Yes |
Settings > Security > 2-Step Verification |
| 27 |
Stripe |
Yes |
Yes |
Dashboard > Settings > 2FA |
| 28 |
Coinbase |
Yes |
Yes |
Settings > Security > 2-Step Verification |
| 29 |
Binance |
Yes |
Yes |
Security > 2FA > Google Authenticator |
| 30 |
Revolut |
Yes |
Yes |
App > Profile > Security |
Productivity & Cloud
| # |
Website |
2FA |
TOTP |
Instructions |
| 31 |
Microsoft 365 |
Yes |
Yes |
account.microsoft.com > Security |
| 32 |
Dropbox |
Yes |
Yes |
Settings > Security |
| 33 |
Google Drive |
Yes |
Yes |
Via Google account |
| 34 |
Slack |
Yes |
Yes |
Account Settings > Set up 2FA |
| 35 |
Zoom |
Yes |
Yes |
Profile > Security > 2FA |
| 36 |
Notion |
Yes |
Yes |
Settings > Security > 2FA |
| 37 |
Trello |
Yes |
Yes |
Via Atlassian account |
Developer & Tech
| # |
Website |
2FA |
TOTP |
Instructions |
| 38 |
GitHub |
Yes |
Yes |
Settings > Security > 2FA REQUIRED! |
| 39 |
GitLab |
Yes |
Yes |
Settings > Account > 2FA |
| 40 |
AWS |
Yes |
Yes |
IAM > Security Credentials > MFA |
| 41 |
Azure |
Yes |
Yes |
Via Microsoft account |
| 42 |
DigitalOcean |
Yes |
Yes |
Account Settings > Security |
| 43 |
Cloudflare |
Yes |
Yes |
Profile > Authentication > 2FA |
| 44 |
Heroku |
Yes |
Yes |
Account Settings > 2FA |
| 45 |
npm |
Yes |
Yes |
Account Settings > 2FA |
Music & Entertainment
| # |
Website |
2FA |
TOTP |
Instructions |
| 46 |
Spotify |
Artists only |
Artists only |
Artists only |
| 47 |
Apple Music |
Yes |
Yes |
Via Apple ID |
| 48 |
SoundCloud |
Yes |
Yes |
Settings > Security > 2FA |
| 49 |
Discord |
Yes |
Yes |
Settings > My Account > Enable 2FA |
| 50 |
Steam |
Yes |
Yes |
Steam Guard > Mobile Authenticator |
Detailed Instructions
Google / YouTube / Gmail
- Open myaccount.google.com
- Click Security in the left menu
- Under “Signing in to Google” > 2-Step Verification
- Click Authenticator App
- Scan the QR code with iKeePass
- Enter the 6-digit code to confirm
- Open accountscenter.facebook.com
- Go to Password and Security
- Select Two-Factor Authentication
- Choose Authenticator App
- Scan the QR code with iKeePass
- Save the backup codes!
- Open twitter.com/settings/account
- Go to Security and account access > Security
- Select Two-factor authentication
- Enable Authentication app
- Scan the QR code with iKeePass
- Enter the confirmation code
GitHub (REQUIRED!)
GitHub requires 2FA for all code contributors since March 2023!
- Open github.com/settings/security
- Under “Two-factor authentication” > Enable
- Choose Set up using an app
- Scan the QR code with iKeePass
- Enter the verification code
- Save the recovery codes!
Amazon
- Open amazon.com/a/settings/security
- Click Edit next to “Two-Step Verification”
- Click Get Started
- Choose Authenticator App
- Scan the QR code with iKeePass
PayPal
- Open paypal.com/myaccount/settings/
- Go to Security > 2-Step Verification
- Choose Use an authenticator app
- Scan the QR code with iKeePass
- Enter the 6-digit code
Discord
- Open Discord > User Settings (gear icon)
- Go to My Account
- Click Enable Two-Factor Auth
- Enter your password
- Scan the QR code with iKeePass
- Enter the 6-digit code
- Download SMS backup
Services WITHOUT TOTP
Netflix
Netflix offers no two-factor authentication.
Recommendation: Use a strong, unique password and regularly check your active sessions under Netflix > Account > Manage devices.
Spotify (regular users)
Spotify offers TOTP only for Spotify for Artists.
Workaround: Sign in via Facebook and enable 2FA there.
WhatsApp / Telegram
These messengers offer PIN-based 2-step verification, but no real TOTP:
| App |
2FA Method |
Description |
| WhatsApp |
6-digit PIN |
Asked during re-registration |
| Telegram |
Password |
In addition to SMS code |
| Signal |
Registration Lock PIN |
Prevents number takeover |
Best Practices
Recommendations
- Enable TOTP on ALL accounts that support it
- Store backup codes securely in iKeePass
- Use TOTP instead of SMS where possible
- Secure your authenticator app (export to iKeePass)
- Use different passwords for every service
Warnings
- Don’t lose your phone without backup codes
- Disable 2FA before device change or transfer codes
- Don’t use unencrypted cloud syncs
- Ignore phishing attempts asking for TOTP codes
Resources