No jargon. No fees. Just clear step-by-step guides to protect your accounts — and a friendly human to call on when you're stuck.
Run these free checks first. They're run by trusted organisations — no dodgy links, no data collected by us.
Enter your email. Instantly see if it appeared in any data breach. Trusted by millions.
Review your Google/Gmail account security in one place. Check devices, apps, and access.
Facebook's built-in Security Checkup guides you through protecting your profile step by step.
See if any of your saved passwords are weak, reused, or compromised in a breach.
Pick your account below. Follow the steps. If you get stuck, use the chat widget or send us a message — we'll walk you through it.
Protects your Gmail, Google Drive, YouTube, and all other Google services at once.
Open a browser and go to myaccount.google.com — or just search "Google Account". Sign in if needed.
You'll see it on the left-hand side. If you're on mobile, scroll down to find the Security section.
Under the section "How you sign in to Google". Click the arrow to go in.
Google will confirm your password first. Enter it and click Next.
Best option: Google Prompt (a pop-up on your phone). Or choose Text message (SMS) if you prefer. Follow the on-screen steps.
That's it — your Google account now requires a second step every time you sign in.
Even if someone gets your Gmail password, they cannot sign in without your phone. This one step blocks 99% of account hacks.
Your Google account controls Gmail, Drive, YouTube, Google Pay — so protecting it protects everything connected to it.
⚠️ Save your backup codes — when prompted, download or print the backup codes. Store them somewhere safe (not in Gmail!). You'll need one if you lose your phone.
✅ Done in under 3 minutes. If you see a green tick next to "2-Step Verification", you're protected.
Stops strangers from logging into your Facebook even if they have your password.
On mobile: tap the three lines (☰) in the bottom right. On desktop: click your profile photo at the top right.
Scroll down to find Settings & Privacy, then tap Settings inside it.
Under the Accounts Centre section. This is where all security settings live.
Select your Facebook account when asked which account to protect.
Authentication App is more secure. SMS is easier to set up. Either is much better than nothing.
Facebook will test it before turning on. Done — your account is now protected.
Authentication App (like Google Authenticator or Authy) generates a 6-digit code on your phone every 30 seconds. It works even without phone signal and is more secure than SMS.
SMS sends a text message to your phone. Easier to set up, and still far better than no protection at all.
⚠️ Facebook will show you recovery codes — save these in a safe place. They let you back in if you lose your phone.
✅ Once enabled, anyone trying to log in needs your phone too — even hackers who bought your password on the dark web.
Prevents account takeover — one of the most common hacks targeting Instagram.
Tap your profile picture in the bottom right corner.
Find Settings and privacy at the top of the menu.
Then tap Password and security.
Select your Instagram account from the list shown.
Authentication app or text message. Tap the toggle next to your choice to switch it on.
Instagram confirms it's active. You'll be asked to verify with a code the next time you log in.
Instagram account takeover is extremely common. Hackers then use your account to scam your followers. Two-factor authentication makes this nearly impossible.
Takes 2 minutes. Saves you the nightmare of losing your account.
⚠️ Save your backup codes — Instagram will give you 5 codes. Screenshot them and keep them somewhere you can find offline.
✅ When it's on, you'll see "Two-factor authentication is on" in the settings menu. You're protected.
Prevents SIM-swap attacks and account hijacking through your phone number.
On iPhone: tap Settings (bottom right). On Android: tap the three dots (⋮) in the top right.
Tap Settings → Account.
Then tap Enable on the next screen.
Choose a number you'll remember but not an obvious one like 123456 or your birthday.
Strongly recommended. This lets you reset your PIN if you forget it. Use an email you actually check.
WhatsApp will occasionally ask for your PIN to remind you of it. That's normal — it keeps you secure.
WhatsApp accounts can be hijacked via "SIM swap" — where a fraudster convinces your phone company to move your number to their SIM. Once they have your number, they try to register your WhatsApp.
Two-step verification blocks this by requiring a PIN they don't know.
⚠️ Never share your 6-digit WhatsApp registration code with anyone — not even friends. This code is sometimes used to hijack accounts.
✅ Two-step verification is now on. WhatsApp will ask for your PIN if your account is registered on a new phone.
Protects your iPhone, iCloud, App Store purchases, and Apple Pay.
Tap the grey cog icon on your home screen.
This opens your Apple ID / iCloud settings.
You'll see options about your Apple ID password and security.
Then tap Continue. Apple will confirm the trusted phone number to use.
Choose how to receive the code (text or phone call). Enter the code Apple sends you.
Apple devices you own will show a verification code whenever a new sign-in is attempted.
Your Apple ID holds everything: photos in iCloud, all your apps, your payment cards, your iPhone backups. If someone gets in, they can remotely wipe your phone and lock you out.
Two-factor means Apple will always check with your trusted device first.
⚠️ Apple's 2FA cannot be turned off after 14 days once enabled. That's fine — it's protecting you. Just make sure your trusted phone number stays up to date.
✅ Once enabled, you'll see a 6-digit code appear on your trusted iPhone or iPad whenever a new sign-in happens.
Protects your Outlook, Hotmail, OneDrive, Xbox, and Microsoft 365 accounts.
Open a browser and type account.microsoft.com. Sign in with your Microsoft email and password.
Then click "Advanced security options" on the Security page.
Under the "Ways to prove who you are" section.
Microsoft walks you through adding a verification method — an app, phone number, or alternate email.
Microsoft gives you a 25-character recovery code. Write it down and keep it somewhere safe — not on the computer.
Two-step verification is now active on your Microsoft account.
Microsoft has its own free app called Microsoft Authenticator (available on iPhone and Android). It's the easiest and most secure way to verify your identity — just open the app and tap "Approve".
Far easier than typing in a code every time.
⚠️ If you use Microsoft 365 for work, your company IT team may already manage this. Check with them before changing any settings on a work account.
✅ You're protected. Next time you sign in, Microsoft will ask for a second verification step before letting anyone in.
Protects your account from takeover — a very common attack on TikTok creators and everyday users alike.
Tap the Profile icon in the bottom right corner of the app.
This opens the side panel. Tap Settings and Privacy at the bottom of the menu.
Find Security in the Settings list and tap it. This is where all account security options live.
You'll see the 2-step verification option with its current status. Tap it to begin setup.
TikTok offers three options — choose at least one:
SMS — a code is texted to your phone number
Email — a code is sent to your email address
Authenticator App — a code generated by an app like Google Authenticator (most secure)
TikTok sends a test code to confirm setup. Enter it when prompted to complete activation.
2-step verification is now active. TikTok will ask for a code the next time your account is accessed from a new device.
TikTok accounts — especially those with a following — are a common target because hackers sell them or use them to push scam content to your followers. Even accounts with zero followers get targeted for spam.
2-step verification means even if someone gets your password through a data breach, they still can't get in without your phone.
Yes — TikTok supports authenticator apps like Google Authenticator or Authy (both free). This is the strongest option as it works without mobile signal and can't be intercepted like SMS codes.
When you choose "Authenticator App", TikTok shows a QR code — open your authenticator app, tap the + button, and scan it.
⚠️ TikTok will also let you select more than one method — it's worth setting up both SMS and an authenticator app so you always have a backup if one isn't available.
✅ Done. If you see "2-step verification is on" in your Security settings, your account is protected.
Protects your account from one of the most common social media hacks — especially for accounts with any following.
On mobile: tap your profile photo → Settings and Support → Settings and Privacy. On desktop: click More → Settings and Privacy.
Then tap Security.
You'll see three options. At least one must be selected.
Authentication app is the most secure — free users can use this. SMS is also available. Tap the toggle next to your preferred method.
Twitter/X will ask you to verify by entering your password and then your chosen verification method.
Twitter shows you a 12-digit backup code. Screenshot or write it down — you'll need this if you lose your phone.
Twitter/X removed SMS 2FA for free accounts. But the Authenticator App option (Google Authenticator, Authy) is still free and is actually the better choice anyway — more secure and works without signal.
⚠️ High-profile accounts are often targeted via SIM-swap attacks. Use an authenticator app rather than SMS if possible.
✅ When enabled you'll see each method listed with a green checkmark in the Two-Factor Authentication settings page.
LinkedIn is a major target for professional scams and credential theft — especially since accounts contain your career history and contacts.
Select Settings & Privacy from the dropdown menu.
In the left sidebar. Then find Two-step verification.
LinkedIn will confirm your current password before proceeding.
Authenticator app — most secure, generates codes offline.Phone number (SMS) — easier to set up, still much better than nothing.
LinkedIn sends or generates a 6-digit code. Enter it to confirm setup is working.
Two-step verification is now active on your LinkedIn account.
Your LinkedIn profile contains your employer, colleagues, job history, and professional network. Hackers use compromised LinkedIn accounts to send convincing scam messages to your connections — including fake job offers and invoice fraud.
Protecting your LinkedIn protects not just you but everyone who trusts your name.
⚠️ If you use LinkedIn for business, a hacked account can damage your professional reputation and your employer's. Don't delay this one.
✅ Done. You'll see "Two-step verification is on" in your Sign in & security settings.
Snapchat accounts are frequently stolen and used to send scam messages or inappropriate content to your friends list.
This opens your profile screen.
This opens Snapchat settings.
Found under the My Account section.
Snapchat explains what two-factor authentication does. Tap Continue.
SMS — a code texted to your phone number.Authentication App — more secure, works without signal.
Enter the 6-digit code Snapchat sends or your authenticator app shows. Tap Continue to finish. Note your recovery code.
When a Snapchat account is taken over, hackers immediately message everyone on the friends list — often pretending to be you and sending links to fake investment schemes or asking for money. Your friends trust messages from your account.
⚠️ Save the recovery code Snapchat gives you — without it you may struggle to regain access if you lose your phone.
✅ Two-factor authentication is on when you see a confirmation screen with a padlock icon. Your account is protected.
Your PayPal account is directly connected to your money. This is one of the most critical accounts to protect.
Select Account Settings from the dropdown.
This shows all your security options in one place.
If it's already set up, you'll see "Edit" instead — click that to review or change your method.
Authenticator app — generates codes on your phone, most secure.Text message (SMS) — sends a code to your mobile number.
For an authenticator app: open Google Authenticator or Authy, tap +, scan the QR code PayPal shows you. For SMS: enter your mobile number and tap Next.
Enter the 6-digit code to confirm it's working. PayPal activates 2-step verification immediately.
PayPal account takeovers result in direct financial loss — hackers drain balances, make purchases, or transfer money out within minutes of gaining access. Unlike a bank, reversing PayPal transactions can take days and isn't always guaranteed.
Two-step verification is the most important protection you can add to a financial account.
⚠️ PayPal will never call or text you asking for your 2-step code. If anyone asks for it, hang up — it's a scam.
✅ When active, 2-step verification shows as "On" in your Security settings. Every login now requires your phone.
Your Amazon account holds saved payment cards and your delivery address. A hacked account can drain your payment method fast.
Click Account in the dropdown. On mobile, tap the menu icon (☰) and tap Account.
You may be asked to re-enter your password to access this section.
Then click Get started on the next screen.
Authenticator app — scan QR code with Google Authenticator or Authy.SMS — code sent to your phone number.
Amazon sends a test code. Enter it to confirm your method is working correctly.
Amazon will also ask if you want to require 2SV on all devices or skip it on trusted devices. For maximum security, require it on all devices.
Most Amazon accounts have a saved credit or debit card ready to use. A hacker can place orders, buy gift cards, or use your Prime membership within minutes of getting in. Gift card purchases are almost impossible to reverse.
If you have an Amazon Business account, the same steps apply. Business accounts often have higher spending limits and company payment cards attached — even more reason to protect them.
✅ Two-step verification is active when you see "Two-Step Verification is on" in your Login & security settings.
Discord accounts are stolen to take over servers, scam community members, or sell access to gaming accounts linked to your profile.
Click the ⚙️ gear icon at the bottom left next to your username. On mobile: tap your profile icon (bottom right) → scroll to Account.
This is the first section in User Settings. Scroll down to find the Two-Factor Authentication section.
Discord requires an authenticator app — it does not support SMS-only 2FA. Download Google Authenticator or Authy from your app store if you don't already have one.
Open your authenticator app, tap the + button, and scan the QR code Discord shows you. A 6-digit code will appear in the app.
Type the code from your authenticator app into Discord and enter your account password to confirm. Click Activate.
Discord gives you 10 one-time backup codes. Download or print these and store them safely — they're your recovery option if you lose your phone.
Discord only supports authenticator apps for 2FA — there's no SMS option. This is actually a good thing: authenticator codes are more secure and can't be intercepted by SIM-swap attacks.
Free options: Google Authenticator (simple) or Authy (backs up your codes to the cloud — useful if you change phones).
⚠️ If you're a server admin or moderator, a compromised account gives attackers admin privileges over your entire community. Protect it urgently.
✅ You'll see "Two-factor authentication is enabled" with a green badge in your Account settings. Your backup codes are your safety net — don't lose them.
Most account takeovers are reversible if you move quickly. Follow these steps in order. Do not skip ahead. If you need help, scroll down and message us — we respond fast.
Try logging in right now. If you can still access the account, do not log out — go straight to Step 2. If you're locked out, jump to the recovery links on the right.
Use a different device (phone or another computer) if possible — your current device may be compromised. Make it long, random, and unique. Use our Password Generator above.
Every platform has a "Sign out of all devices" option. Use it now — this boots the hacker out immediately even if they're actively inside your account.
Gmail: myaccount.google.com → Security → Your devices
Facebook: Settings → Password and Security → Where you're logged in
Instagram: Settings → Accounts Centre → Password and Security → Where you're logged in
This is the single most important thing after recovering access. Even if the hacker still has your password, they will not be able to get back in. Pick your platform from the tabs above.
Look through sent emails, messages, posts, and purchase history. Forward any suspicious sent emails to yourself for evidence. Screenshot anything unusual.
Hackers often use compromised accounts to send phishing messages to your friends and family. Post a message or text your contacts: "My account was hacked — ignore any unusual messages from me sent in the last [X] hours."
If you used the same password on other accounts, change those too — right now. Hackers run automated tools that try stolen passwords across hundreds of sites within minutes.
Even if you've recovered access, report the compromise. This creates a record, may trigger additional security protections, and helps platforms track attack patterns.
Look through your inbox and trash for any password reset emails you didn't request. This shows you which other accounts the hacker may have tried to access using your email.
Before you close the account settings, check each of these:
🆘 Need help right now?
If you're stuck on any step, message us. We'll walk you through the recovery process personally — no judgement, no jargon.
Get help now →We add new guides based on what our community actually needs. Tell us which app or website you'd like step-by-step MFA instructions for — we'll write it and add it to the list.
Most requested so far:
Create a strong, random password instantly. Use a unique one for every account — and store them in a password manager.
Everything runs in your browser. Nothing you type is sent to us or anyone else.
Got a suspicious link in a text, email, or WhatsApp? Paste it below — we'll analyse it for common phishing patterns without you having to click it.
⚠️ Pattern-based analysis only. Always use caution with unsolicited links regardless of result.
What we check for:
We're real people helping friends (and friends of friends). No judgement, no jargon. Drop us a message and we'll walk you through it — usually within a day.
We run this entirely in our spare time for our community. If these guides saved you a headache, buying us a coffee keeps it going and helps us reach more people.
No account needed · Secure payments via Ko-fi · ko-fi.com/reputick