Here Are All The Sites You Should Enable Two Factor Authentication On (And The Ones You Should Yell At)

Two-factor authentication! In this age of endless massive hacks we seem to be in the middle of, it’s one of the easiest ways you can dramatically boost security on your online accounts.

But which sites actually support it? It can be a pain to keep track. Fortunately, a new, community-driven list keeps a running list of all the big sites that have some form of 2FA enabled (and encourages you to nag at those that don’t).

Still not quite sure what two-factor authentication is? Don’t worry — it’s less complicated than its name makes it sound. The basic idea is that to log into an account, you’d need two things to verify you are who you say you are: something you know (like a password), and something you have (like your cell phone, tied to a verified phone number).

While the exact implementation varies, this generally means that once you’ve punched in your password, a service will ask you to type in a randomly generated code that they’ve sent to your cell phone. In order to gain access to your account, then, a hacker would need your password and access to your cell phone (or some way of intercepting messages). It’s not bulletproof, but it makes hacking an account a helluva lot more complicated.

TwoFactorAuth.org is an attempt to compile a list of how every relatively large service implements (or doesn’t implement) two-factor login. If a company supports it, it offers an at-a-glance look at the methods used — LinkedIn, for example, uses the texting method mentioned above, while the Steam gaming store sends your code via email, instead.

2fa dot dot dot

And if a listed company doesn’t support two-factor, they get a big ol’ “Tell them to support 2FA” button placed right next to their name. Press it, and it’ll auto-generate a tweet to the company for you that calls them out for their security practices.

The whole thing is managed through a public GitHub repo, allowing anyone with a bit of basic coding knowledge to offer up suggestions for additions or modifications to the list.

The current big offenders? According to the list: Mint, Amazon (they support it for their developer-focused web services, but not for their retail store or payments service), Zappos, BitBucket and Heroku.