How to Turn on 2FA for Xbox and Similar Platforms

Usernames and passwords protect our banking accounts, social profiles, and email platforms. There is a straightforward way that users can shield themselves from bot attacks and bulk phishing efforts, and that’s to Turn on 2FA! TeleSign is the pioneer of phone-based verification which is an easy way to keep your accounts safe from those who would do you harm.

Many of the world’s largest websites have made 2FA readily available from your online accounts’ security settings, but it’s up to you to turn on this free feature. This post is a simple guide on how to turn on 2FA and keep you safe from fraud on the internet, because passwords aren’t enough anymore.

Q: What exactly is two-factor authentication?

A: Two-factor authentication (2FA) is an additional layer of end-user account protection beyond a password. It significantly decreases the risk of account takeovers. A hacker attempts to access banking, shopping, social media, or other online accounts by combining the password (something you know) with a second factor, like a one-time passcode or push notification sent to your mobile phone (something you have). Even if they can crack your passcode, they probably don’t have your phone in their hands.

Q: Is this the same thing as two-step verification?

A: Yes.Websites refer to this security feature in several different ways: two-factor authentication (or 2FA), two-step verification (or 2-Step), multi-factor authentication, and two-step authentication.

Q: What accounts should end-users protect?

A: It is an online security best practice to enable 2FA on all online accounts, including email providers, social networks, financial services, e-commerce sites, dating apps, gaming accounts, cloud computing, and anything with personally identifiable information (PII).

Q: How does 2FA work?

A: Two-factor authentication commonly works by asking for something you know (your password) combined with something you have (your mobile phone) to confirm your identity across a variety of account activities–such as accessing your accounts from new devices, verifying transactions, or recovering your accounts. The process is simple.Once you enable 2FA on a site that offers it, a typical flow is as follows:

  1. You visit the site and enter your existing credentials (username and password) to access your account.
  2. If this is the first time you are accessing your account from a specific device, a “challenge” (a second factor) is needed to verify further that it is you, and not a fraudster.
  3. A code (a random set of numbers) is sent via SMS or voice to the phone number that you used when you created your account. At the same time, you are shown a secondary login screen in your web browser or on a mobile app from your mobile device with a prompt to enter the code.
  4. You enter the code that you received on the web page or mobile app as prompted.
  5. Your account provider confirms that the code you entered is the same code sent to your phone and, if matched, you are verified.
  6. You are now able to access your account.

With 2FA enabled, a fraudster would have to have your username and password and your mobile phone at the same time to access your account.

Q: Do I really need 2FA?

A: Cyber crime is big business. Account takeovers in the United States tripled from 2017 to 2018 to $5.1 billion*. Often, the cybercriminals behind these attacks are using a stolen password to wreak havoc. Many users repurpose their password for multiple sites, which can expose them to potential password theft. Having your password stolen and your account attacked is devastating. Once fraudsters have control of your account, they can block you from your account and subsequently pretend to be you, sending messages to your contacts or post messages on your profiles.They may have access to reset your passwords to other accounts or your banking information.

However, you can proactively secure your account from compromise like this and verify high-value transactions (such as obtaining credit card details, transferring funds, or making bill payments) by merely turning on 2FA.

Several real-world examples of platforms provide the option to turn on 2FA including Steam, Microsoft, Paypal, and Youtube. Typically, you can open settings, go to security, and opt into 2FA. Other services like Google’s Authy are activated in similar ways.

See how you can turn on 2FA on Microsoft’s popular Xbox Live platform:

1. Log into Xbox Live with your Microsoft account

2. Go to the Security Settings page

3. Under two-step verification, select “Set up two-step verification” to turn it on

3. Input the information requested to finalize the process.

For more information visit: Microsoft 2FA FAQ

 

*Ravelin Insights