The apps you use on your smartphone every day likely hold data you'd rather keep private – payment information, emails, contact lists, documents and more.
With two-factor authentication (2FA) enabled, you instantly make your online accounts harder to access without permission. Attempting to access an account from a new device prompts the service to send a unique code to your phone, so you have the power to approve or deny logins.
Below, we explain how to lock up your data. You might not want to work through the whole list in one go, so bookmark this page and revisit another time if needed.
Why securing everyday apps matters
'You might assume that hackers only target banking apps, but email, social media and messaging accounts can be just as valuable to criminals. In my experience covering online security, these are often the accounts people forget to protect properly.
'For peace of mind, I recommend taking a moment to secure the apps you use most often. While researching this article, I worked through a selection of popular apps and added 2FA to each one. The process was quick, and my Google Authenticator app is now full of login codes that refresh every 30 seconds, meaning anyone trying to log in without permission would still need access to my phone.'
Tom Morgan, Senior Consumer Writer
1. WhatsApp – protect messages and attachments
If WhatsApp is your go-to messaging app, it's probably crammed with private conversations, including written messages, voice notes and attachments.
Adding 2FA to your WhatsApp account means you'll regularly be asked to enter a Pin to continue using the app. If your phone gets stolen and ends up in the wrong hands, that means your messages (and attachments) will remain locked.
When setting up 2FA, WhatsApp will also request an email address, which will be used as a backup in case you forget or misplace your Pin.
Follow these steps:
- Open WhatsApp and head to Settings (three dots).
- Choose Account > Two-step verification > Turn on or Set up PIN.
- Add a six-digit Pin.
- Type in an email address if you need to reset 2FA in the future, or choose Skip.
- Follow the on-screen instructions until you reach Save or Done.
You can revisit the Settings page at any time if you need to turn off 2FA or change your Pin. We also recommend backing up your data – explore Settings > Chats > Chat backup.
2. Gmail – hide emails containing personal data
Enabling 2FA for your Google account only takes a couple of minutes and is an effective way to keep prying eyes away from your inbox.
Once you've activated the feature, you'll need to complete a second step to verify it’s you if you choose to sign in with a password. If you're attempting to access your messages from a new PC, for example, you'll need to input the code sent to your mobile.
You might also want to explore Gmail's Confidential Mode, which helps to prevent recipients from accidentally sharing messages. (See also: useful Gmail features you need to try right away)
Follow these steps:
- Tap your profile picture in the top-right corner of your screen.
- Select Manage your Google Account.
- Choose Security and sign-in for an overview of your current settings and recommendations.
- Under How you sign in to Google, enable 2-Step Verification.
3. Outlook – stop hackers from resetting other apps
Your Outlook inbox effectively acts as a gateway to your other online accounts, which is why it's crucial to protect it.
If an attacker gains access to your messages, they could intercept password reset emails and use them to change the passwords of other accounts, including those for banking, social media or shopping sites.
Adding 2FA to your Microsoft account means you’ll receive a security code to your email, phone or authenticator app every time you sign in on a device that isn't trusted. Potential hackers will be stopped in their tracks, as they won't know your unique security code.
Follow these steps:
- From a computer, sign in to your Outlook inbox.
- Click your profile picture in the top-right corner and select My Microsoft account.
- Select Security > Manage how I sign in to reach the Microsoft security dashboard.
- Under Additional security, see the Two-step verification heading and follow the on-screen instructions.
4. Facebook – protect against phishing scams
Your social media account serves as a storage hub for personal information, photos and private messages. It likely contains a wealth of data that third parties could exploit, so take a moment to configure your security settings.
Data-hungry hackers will always revel in the chance to access social media accounts, as doing so allows them to impersonate the account owner, spread spam or even demand money from contacts.
When Facebook's 2FA system is activated, you'll be asked to enter a login code or confirm your login attempt each time someone tries accessing Facebook from a browser or mobile that Facebook doesn't recognise.
Follow these steps:
- From the app, tap the three lines in the top-left corner.
- Choose Settings & privacy > Settings.
- Tap Meta Accounts Centre > Password and security > Two-factor authentication.
- Follow the on-screen instructions.
5. PayPal – keep your money safe
PayPal can be secured with Google Authenticator or Microsoft Authenticator. Both apps are used to generate time-sensitive login codes.
Once 2FA is turned on, unauthorised users can't initiate transactions or withdraw funds from your account without verifying the login code. We recommend setting it up through your web browser rather than the PayPal app – we’ve tried both methods and using a computer is easier. (See also: How to get your money back after a scam).
Follow these steps:
- From a computer, log into your PayPal account and select Settings (the cog icon).
- Choose Security > 2-step verification.
- Pick between Use an authenticator app or Use a security key device.
- Follow the on-screen instructions.
6. X (Twitter) – prevent spam posts
Staying on top of your X security details will stop hackers from accessing your private messages or posting malicious links under a false identity. If your account is found to be sharing problematic content, it could get banned permanently.
When you turn on 2FA, instead of just entering a password to log in, you'll also need to enter a code or use a security key. Part of the setup process requires an email address so X support can communicate with you if there's a problem.
Follow these steps:
- From the app, tap your profile picture > Settings & Support > Settings and privacy.
- Choose Security and account access > Security.
- Tap Two-factor authentication.
- Choose between these options: Text message, Authentication app and Security key.
7. Amazon – block fraudulent orders
Take a couple of minutes to protect against hackers looking to place orders through your account without permission.
You can secure your Amazon account using one of two methods. The first simply involves adding your phone number to the authenticator tool – that number will then receive a text message with a code every time you want to log in.
Alternatively, you can use an authenticator app such as Google Authenticator. If you go that route, your authenticator app will generate a time-sensitive code that you enter on the Amazon app. Regardless of which method you choose, you can be confident knowing you've added a layer of security to your account.
Follow these steps:
- From the app, tap the Profile icon at the bottom of the screen.
- Select Account > Login & security.
- Scroll to 2-step verification and select Turn on.
- Choose between Phone number or Authenticator App, then follow the instructions.
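How an authenticator app and a service agree on a time-sensitive code, shown as an added example (not part of the original article and not any provider's own code). It implements the standard TOTP algorithm from RFC 6238; the 30-second step and six digits match what authenticator apps display, while the secret and the one-step clock-drift allowance are assumptions chosen for illustration.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds each code stays current
DIGITS = 6   # length of the code shown in the app

# Constructed sample secret (the RFC 6238 test key), Base32-encoded the way
# a setup QR code would carry it. A real secret is random and unique per account.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()


def totp(secret_b32, unix_time, step=STEP, digits=DIGITS):
    """Return the code for the time window that contains unix_time."""
    key = base64.b32decode(secret_b32.upper())
    counter = struct.pack(">Q", int(unix_time) // step)   # window number
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                               # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, submitted, unix_time, drift_steps=1):
    """Server-side check: accept the current window plus a small clock drift."""
    for d in range(-drift_steps, drift_steps + 1):
        t = unix_time + d * STEP
        if t < 0:
            continue
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(totp(secret_b32, t), submitted):
            return True
    return False


if __name__ == "__main__":
    now = 59  # constructed timestamp from the RFC 6238 test vectors
    code = totp(SAMPLE_SECRET, now)
    print("code shown in app:", code)
    print("accepted right away:", verify(SAMPLE_SECRET, code, now))
    print("accepted one window later:", verify(SAMPLE_SECRET, code, now + STEP))
    print("accepted much later, no drift allowance:",
          verify(SAMPLE_SECRET, code, 1111111109, drift_steps=0))
```

The code depends on both the shared secret and the current time window, so a password on its own is not enough and an old code stops working once its window and the drift allowance have passed.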
8. Apple ID (iCloud) – lock photos, messages and backups
Your Apple ID is tied to your iCloud account, which acts as a home for photos, messages, documents and device backups. If a sinister third party gains access, they could view your files and wipe your device.
Using Apple’s 2FA system means that, even if someone obtains your password, they won’t be able to sign in without the unique code sent to one of your trusted devices.
Follow these steps:
- Open Settings, tap your name and choose Sign-In & Security.
- Select Two-Factor Authentication.
- From here, if you haven't done so already, you can add a trusted phone number.
Make sure your documents and photos don't end up in the wrong hands with our guide on how to check that your cloud storage files are private.
9. Dropbox – keep your cloud files hidden
If Dropbox is your cloud storage service of choice, it's worth taking a moment to secure it with 2FA. You likely use your account to store photos, files and personal documents, so upping your security is a simple way of keeping everything private. Without doing so, any device you've previously signed in on could still grant access to your Dropbox files if it ends up in the wrong hands.
To enable 2FA on Dropbox, you'll need to use the desktop version of the app or a mobile web browser instead of the Dropbox mobile app.
Follow these steps:
- From a desktop, open your account and select your profile picture (top-right corner), then Settings.
- Head to the Security tab and look for the 2-factor authentication heading.
- Toggle it On and follow the on-screen instructions.
10. LinkedIn – keep connections safe
Your LinkedIn account likely contains details you want to keep under your control, including private conversations with contacts that may include email addresses and phone numbers.
If a hacker gains access to a poorly protected LinkedIn account, they could send messages pretending to be you. This could be used to trick your contacts into sharing sensitive information, clicking on malicious links or downloading harmful files.
Follow these steps:
- On the mobile app, tap your profile picture in the top-left corner and choose Settings.
- Select Sign in & security > Two-factor authentication.
- Follow the on-screen instructions.
5 ways to secure your banking apps
There are several ways you can better protect your bank account. We caught up with our award-winning investigative reporter Chiara Cavaglieri, senior researcher and writer at Which?, who's been writing about banking and payments for more than a decade. Chiara suggested the following:
- Protect your mobile from thieves – add a unique Pin to your Sim card, register for Google’s Find My Device or Apple’s Find My iPhone, and disable preview notifications that display messages even when your phone is locked. (See also: What to do if your phone gets stolen.)
- Choose strong, unique passwords – avoid repeat or simple passwords and use a password manager if you struggle to remember them. (See also: How to create secure passwords.)
- Keep your phone and bank cards separate – never leave your mobile phone and bank cards unattended together. With both, a thief could pass security checks.
- Check your social media profiles for details – consider removing personal data from your online profiles, as this raises your risk of identity theft. Only accept friend requests from people you know. What you put online is public, so never use anything that’s out there in a password or security question.
- Act quickly – if you spot an unauthorised payment you don’t recognise, report it immediately. Many banks send push notifications to your mobile phone every time money leaves your account and most let you freeze your debit card via their apps (or offer a 24/7 helpline to report lost and stolen cards).
For more advice from our experts, explore our guide: How safe is online banking?
Use a Which? Best Buy antivirus
With a Which? recommended antivirus software package protecting your PC, you can upgrade your data security and stay one step ahead of cybercriminals.
To find the best options, we subject antivirus programs to tens of thousands of threats, including viruses, ransomware and phishing attacks designed to steal your data. The test is repeated four times a year and the scores we publish are based on a full year of testing.
- The best free antivirus we've tested provides superb protection against malware, phishing and ransomware
- The best paid-for antivirus we've tested blocked an impressive number of the phishing pages we threw at it during our extensive lab tests
Explore the results of our rigorous security tests - go to best antivirus.