2FA, or two-factor authentication is a way of adding additional security on your account. The first "factor" is your usual password that is standard for any account, the second is a code run on an external device such as a smartphone, or a program on your computer. It is conceptually similar to a keycode device you may have to use when logging into internet banking. The technical name for this is "Time-based One-time Password Algorithm", but as its acronym is the same as a popular music show featuring Jimmy Savile, we won't be using that here.

It is important for Administrators to keep their account secure. In November 2016, a number of Wikipedia administrators (including the founder, Jimbo Wales) had their accounts compromised which were used to vandalise the encyclopedia. As well as causing widespread disruption, the affected administrators' accounts were locked so they couldn't do anything until it was beyond doubt they had regained control.

1. Download a 2FA app onto your smartphone. You probably want to use Google Authenticator because it's the best^{[citation needed]}

• Android version: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en_GB
• iOS version: https://itunes.apple.com/gb/app/google-authenticator/id388497605?mt=8

2. Go to Special:OATH and following the instructions.

3. The recommended authentication method with Google Authenticator is to scan a QR code. Your browser will display a box with a pattern, which you have to point the camera in your smartphone towards, as if you're taking a picture of it. (Your phone might ask you for permission to use the camera first). If you can't do this, Google Authenticator can supply you an account name and alphanumeric key, which gives you the same result.

4. Once you're set up, your phone will give you a verification code. Enter this into the box at the bottom of the OATH page browsed to in step 2).

That's it, you're all set up. Now read "Emergency tokens : IMPORTANT, read this".

Please note: Using a windows based client slightly decreases the effectiveness of a two-factor system - if someone has access to your PC and your password, they will still be able to log in

1. Download winauth^[1] (https://winauth.com/download/) onto your Windows PC.

2. Pop over to Special:OATH

3. Enter the two-factor account name and key from the OATH screen into the program. It should show you where to put it.

4. Enter a verification code from winauth into the OATH screen to complete the enrollment.

That's it, you're all set up. Now read "Emergency tokens : IMPORTANT, read this".

When you set up 2FA, you'll be given a number of emergency tokens. You can re-use one of these if you can't use your smartphone (eg: if it gets broken, stolen or sold). You only get shown these tokens when you sign up and never again, so make a copy of them by selecting them from your browser and copy / pasting into Notepad. If you don't keep these tokens and have a problem getting the additional authentication code, you will be locked out of your account unless you have access!

• You still need to follow good security practices. Don't use your name, date of birth or anything obvious as a password that can be guessed in a simple dictionary attack, don't write your password down in a place anyone else can see it, and consider whether or not it's a good idea to log into public terminals including schools, libraries and airports.

On the English Wikipedia the following groups can use 2FA:

• Bureacrats
• Administrators
• Checkusers
• Oversighters
• Edit Filter Managers
• Interface Editors

2FA is a method of computer access control in which a user is only granted access after successfully presenting several separate pieces of evidence to an authentication mechanism – typically at least two of the following categories: knowledge (something they know), possession (something they have), and inherence (something they are).

See the meta help page - this is quite technical