Geslar logo
Geslar
3 min read

How to enable 2FA on everything

A step-by-step guide for two-factor authentication on the most popular services. Protect your accounts in 2 minutes.

What is 2FA and why does it matter?
Two-factor authentication (2FA) adds a second layer of protection to your account. Even if someone finds out your password, without the second factor — they can't log in.

The second factor can be: a TOTP code (a time-based one-time code from an app), an SMS code, biometrics, or a physical security key.
SMS 2FA is better than nothing, but it's not secure. SMS messages can be intercepted via SIM swap attacks. Always prefer a TOTP app (like Geslar's built-in authenticator) over SMS verification.
TOTP vs SMS — what's the difference?
TOTP (recommended)
Generated locally in the app. Doesn't depend on mobile network. Cannot be intercepted. Geslar has a built-in TOTP — password and code in one place.
SMS code
Sent via mobile network. Vulnerable to SIM swap attacks. Doesn't work without signal. Better than nothing, but worse than TOTP.
Google (Gmail, YouTube, Drive)
  1. Open myaccount.google.com/security
  2. Click "2-Step Verification"
  3. Click "Get started" and enter your password
  4. Select "Authenticator app"
  5. Scan the QR code with Geslar (or enter the key manually)
  6. Enter the 6-digit code from Geslar to confirm
  7. Save the backup codes in a safe place
Geslar tip: When you scan a QR code, Geslar automatically saves the TOTP secret alongside the associated password. Next time you log in, both the password and 2FA code are in one place.
Facebook
  1. Open Settings → Security and Login
  2. Find "Two-Factor Authentication" and click Edit
  3. Select "Authentication App"
  4. Scan the QR code with Geslar
  5. Enter the 6-digit code to confirm
  6. Optional: save recovery codes
Instagram
  1. Open profile → Settings → Security
  2. Click "Two-Factor Authentication"
  3. Select "Authentication App" (not SMS)
  4. Instagram will open the default authenticator — instead, copy the key manually
  5. Add the key to Geslar and enter the generated code
Instagram often tries to open Google Authenticator. If you're using the Geslar mobile app, you can copy the secret key and enter it manually in the TOTP field.
Microsoft (Outlook, Office 365, Xbox)
  1. Open account.microsoft.com/security
  2. Click "Advanced security options"
  3. Under "Two-step verification" click "Turn on"
  4. Select "An app" and scan the QR code with Geslar
  5. Enter the code to confirm
Twitter / X
  1. Open Settings → Security and Account Access → Security
  2. Click "Two-Factor Authentication"
  3. Select "Authentication app"
  4. Scan the QR code with Geslar
  5. Enter the 6-digit code to confirm
  6. Save the backup code
Since 2023, Twitter/X has removed SMS 2FA for free users. A TOTP app is the only free option — yet another reason to use Geslar.
LinkedIn
  1. Open Settings → Sign in & Security
  2. Click "Two-step verification"
  3. Select "Authenticator app"
  4. Scan the QR code with Geslar
  5. Enter the code and confirm
Croatian banks
Most Croatian banks use their own 2FA systems — mToken apps, SMS OTP, or hardware tokens. These systems don't support the standard TOTP protocol, so you can't add them to Geslar.

However, it's important to:
Use mToken
If your bank offers mToken — activate it. It's their version of 2FA and significantly increases the security of online banking.
Strong password for banking
Your online banking password must be unique and strong. Use the Geslar generator — never the same password as your email or social media.
General 2FA tips
Always save backup codes. When you enable 2FA, most services provide one-time backup codes. Save them in Geslar notes — you'll need them if you lose access to your authenticator.
Prioritize your accounts. If you can't do everything at once, start with: email → bank → social media → everything else. Email is the most important because it's used to reset passwords on all other services.
Geslar keeps your password and TOTP code in one place. That means you can log in with two clicks — without switching between apps and without manually copying codes.
Conclusion
Enabling 2FA takes 2 minutes per service. In those 2 minutes, you dramatically increase the security of every account.

Password + TOTP = two walls between attackers and your data. Geslar protects both — in one place, locally, without cloud servers.

Geslar — passwords and 2FA codes in one place. Free.

Download Geslar →

Related articles
Zero-knowledge architecture
What zero-knowledge architecture means for your passwords — and why Geslar cannot see your data even if it wanted to.
Master password — how to make one you won't forget
Your master password is the single key to all the others. It must be strong, but also memorable to you. Here's how.
Email hacked — what to do (7-step checklist)
Step-by-step guide to recover a hacked email account. The first 24 hours are critical.
Author
Daniel Legin
Daniel Legin builds Geslar — a free password generator and manager made in Croatia.
More about Geslar →