Most services nowadays require signup and login procedures that are based on usernames and passwords. Unfortunately, single-factor authentication is not enough to protect accounts especially at the rate at which technologies are evolving, as hackers become more sophisticated and are able to compromise accounts in a matter of seconds. To top it all off, every year billions of usernames and passwords are stolen and sold on dark web markets, and as a result, many users become victims to identity theft and data loss.

1. TWO FACTOR
AUTHENTICATION
Comprehensive Guide
by Team CTM360
Featured in ‘The 14 Providers That Matter Most’
- The Forrester Research Report, Q3 2018
CTM360 - ‘Technology Company of the Year’
- MEED Awards 2018
FORRESTER
RESEARCH

2. 2 FACTOR AUTHENTICATION:
ACTIVATE IT EVERYWHERE
Most services nowadays require signup and login procedures
that are based on usernames and passwords.
Unfortunately, single-factor authentication is not enough to protect
accounts especially at the rate at which technologies are evolving, as
hackers become more sophisticated and are able to compromise accounts
in a matter of seconds. To top it all off, every year billions of usernames and
passwords are stolen and sold on dark web markets, and as a result, many
users become victims to identity theft and data loss.
Two-Factor Authentication (2FA) requires the user to enter a
password and then another verification code before he is given
access to the account.
This method keeps the account safe even after the first password has been
obtained by an unauthorized person. Once an account is compromised,
attackers can cause a lot of damage, especially to accounts used in the
workplace. This is why we strongly suggest that all accounts that support
2FA should have it enabled as soon as possible.
TWO FACTOR AUTHENTICATION : COMPREHENSIVE GUIDE BY CTM360® | 01

3. WORRYING FACTS ABOUT
TRADITIONAL SECURITY MEASURES
90%of passwords can
be cracked within
6 hours
63%of people are using the
same password for
multiple
accounts
BILLIONSof passwords are tested
every second by hackers
There has been a recent surge in Whatsapp account hijacking in the region. In most cases, this occurs through social
engineering where the victim receives a Whatsapp or IMO call and is asked to provide an SMS code which they received in
order to claim a prize. The code in the SMS is a WhatsApp phone number verification code. When acquired, this gives the
hijacker control of the account.
TWO FACTOR AUTHENTICATION : COMPREHENSIVE GUIDE BY CTM360® | 02

4. HOW ORGANIZATIONS AND
INDIVIDUALS CAN PROTECT
THEMSELVES
Using multi-factor authentication (MFA)
mechanisms, organizations, as well as
individuals, are able to get better security and
protect their environments, providing defense
from 80% of stolen credential security breaches.
This can be accomplished by using technical
controls (enforcing two-factor authentication
wherever centralized management is possible),
as well as via administrative controls (by creating
and enforcing a policy for accounts created using
business email addresses).
TWO FACTOR AUTHENTICATION : COMPREHENSIVE GUIDE BY CTM360® | 03

5. ENABLING 2FA ON
POPULAR ACCOUNTS
Using multi-factor authentication (MFA) mechanisms, organizations, as well as individuals, are able to get
better security and protect their environments, providing defense from 80% of stolen credential security
breaches.
1- Whatsapp → Settings → Account → Two-Step Verification
2- Twitter → Profile And Settings → Account → Security → Set Up Login Verification
3- Facebook → Settings → Security → Login Approvals
4- Google → Google Account → My Account → Sign-In & Security → Signing In To Google → 2-Step Verification
5- Instagram → Account → Settings → Privacy And Security → Two-Factor Authentication
6- Microsoft → Security Settings Page → Overview → Security Info → Set Up Two-Step Verification
7- Linkedin → Account → Login And Security → Add A Phone Number
TWO FACTOR AUTHENTICATION : COMPREHENSIVE GUIDE BY CTM360® | 04

6. FINANCIAL/PAYMENT ACCOUNT GUIDES
Amazon Pay - https://www.amazon.com/gp/help/customer/display.html?nodeId=201962420
PayPal - https://www.paypal.com/us/webapps/mpp/security/security-protections
Uber - https://help.uber.com/riders/article/2-step-verification
For more in-depth guides to configure 2FA on different commonly used accounts, please visit the
following links:
SOCIAL MEDIA ACCOUNT GUIDES
Facebook - https://www.facebook.com/help/148233965247823
LinkedIn - https://www.linkedin.com/help/linkedin/answer/531
YouTube - https://www.google.com/intl/en-US/landing/2step/features.html
Instagram - https://help.instagram.com/566810106808145
Google+ - https://www.google.com/intl/en-US/landing/2step/features.html
Pinterest - https://help.pinterest.com/en/article/two-factor-authentication
Snapchat - https://support.snapchat.com/en-US/article/enable-login-verification
Twitter - https://help.twitter.com/en/managing-your-account/two-factor-authentication
Tumblr - https://tumblr.zendesk.com/hc/en-us/articles/226270148-Two-factor-authentication
TWO FACTOR AUTHENTICATION : COMPREHENSIVE GUIDE BY CTM360® | 05

7. CLOUD SERVICES ACCOUNT GUIDES
Office 365 -
https://support.office.com/en-US/article/Set-up-multi-factor-authentication-for-Office-365-8f0454b2-
f51a-4d9c-bcde-2c48e41621c6
Apple iCloud -
https://support.apple.com/en-bh/HT204152
Dropbox -
https://www.dropbox.com/en/help/security/enable-two-step-verification
OneDrive -
https://support.microsoft.com/en-us/help/12408/microsoft-account-how-to-use-two-step-verification
GitHub -
https://help.github.com/en/articles/about-two-factor-authentication
MongoDB Cloud Manager -
https://docs.cloudmanager.mongodb.com/core/two-factor-authentication/
Amazon AWS WorkSpaces -
https://aws.amazon.com/blogs/aws/multi-factor-auth-for-workspaces/
TWO FACTOR AUTHENTICATION : COMPREHENSIVE GUIDE BY CTM360® | 06

8. EMAIL & COMMUNICATION ACCOUNT GUIDES
WhatsApp -
https://faq.whatsapp.com/en/general/26000021
HootSuite -
https://help.hootsuite.com/hc/en-us/articles/204595950-Manage-Google-Authenticator
LastPass -
https://support.logmeininc.com/lastpass/help/manage-trusted-devices-for-multifactor-authentication-
lp030010
Slack -
https://get.slack.help/hc/en-us/articles/204509068-Enabling-two-factor-authentication
MailChimp -
https://mailchimp.com/help/set-up-a-two-factor-authentication-app-at-login/
Yahoo Mail -
https://help.yahoo.com/kb/SLN5013.html
TWO FACTOR AUTHENTICATION : COMPREHENSIVE GUIDE BY CTM360® | 07

9. DOMAIN & HOSTING ACCOUNT GUIDES
If you would like to verify if any other platforms that support 2FA, you can visit the following link for
further information and guides:
https://twofactorauth.org/
Remember that your account security does not only affect you as an individual but can also impact your
organization and everyone you communicate with. Enable 2FA on all of your accounts today and reduce
your overall digital risk.
Wordpress - https://en.support.wordpress.com/security/two-step-authentication/
GoDaddy - https://www.godaddy.com/help/enable-two-step-verification-7502
eNom - https://www.enom.com/kb/kb/kb_1687-setup-2-factor.htm
Nominet - https://registrars.nominet.uk/sites/default/files/two_factor_authentication_userguide.pdf
Joomla - https://docs.joomla.org/J3.x:Two_Factor_Authentication
CloudFlare - https://support.cloudflare.com/hc/en-us/articles/200167866-How-do-I-set-up-two-
factor-authentication
DigiCert - https://www.digicert.com/two-factor-authentication.htm
SSLTrust - https://www.ssltrust.com.au/help/account-management/enable-2factor
TWO FACTOR AUTHENTICATION : COMPREHENSIVE GUIDE BY CTM360® | 08TWO FACTOR AUTHENTICATION : COMPREHENSIVE GUIDE BY CTM360® | 08

10. References:
https://www.informationsecuritybuzz.com/news/three-five-use-password-across-multiple-online-accounts/
https://www.statista.com/statistics/273550/data-breaches-recorded-in-the-united-states-by-number-of-breaches-and-records-exposed/
https://www.zdnet.com/article/gdpr-an-executive-guide-to-what-you-need-to-know/
https://www.grahamcluley.com/factor-authentication-2fa-versus-step-verification-2sv/
https://www.grahamcluley.com/protect-facebook-account-2-step-verification-2sv/
https://www.grahamcluley.com/twitter-login-verification/
https://www.grahamcluley.com/how-to-enable-2-step-verification-2sv-on-your-whatsapp-account/
https://www.grahamcluley.com/protect-amazon-account-step-verification-2sv/
https://www.grahamcluley.com/better-protect-google-account-step-verification-2sv/
https://www.grahamcluley.com/protect-dropbox-account-step-verification-2sv/
https://www.grahamcluley.com/office-365-multi-factor-authentication/
https://www.grahamcluley.com/how-to-protect-your-microsoft-account-with-two-step-verification-2sv/
https://www.grahamcluley.com/tumblr-2sv/
https://www.grahamcluley.com/protect-linkedin-account-step-verification-2sv/
https://www.grahamcluley.com/protect-paypal-account-step-verification-2sv/
https://www.grahamcluley.com/protect-yahoo-account-2sv/
https://www.grahamcluley.com/protect-apple-account/
https://www.grahamcluley.com/better-protect-google-account-step-verification-google-authenticator/
https://www.grahamcluley.com/protect-hootsuite-account-hackers/
https://www.grahamcluley.com/better-protect-instagram-account-using-two-step-verification-2sv/
https://www.grahamcluley.com/instagram-finally-supports-third-party-2fa-apps-for-greater-account-security/
https://support.cloudflare.com/hc/en-us/articles/200167866-What-is-Authy-2-Factor-Authentication-
https://help.github.com/en/articles/configuring-two-factor-authentication-recovery-methods
TWO FACTOR AUTHENTICATION : COMPREHENSIVE GUIDE BY CTM360® | 09

11. CONTACT US:
6th floor,
Citibank House,
Seef District,
Kingdom of Bahrain
+973 77 360 360
info@ctm360.com
www.ctm360.com
Featured in ‘The 14 Providers That Matter Most’
- The Forrester Research Report, Q3 2018
CTM360 - ‘Technology Company of the Year’
- MEED Awards 2018
FORRESTER
RESEARCH