2FA, or two-factor authentication is a way of adding additional security on your account. The first "factor" is your usual password that is standard for any account, the second is a code run on an external device such as a smartphone, or a program on your computer. It is conceptually similar to a keycode device you may have to use when logging into internet banking.

It is important for Administrators to keep their account secure. In November 2016, a number of Wikipedia administrators (including the founder, Jimbo Wales) had their accounts compromised which were used to vandalise the encyclopedia. As well as causing widespread disruption, the affected administrators' accounts were locked so they couldn't do anything until it was beyond doubt they had regained control.

1. Download a 2FA app onto your smartphone. You probably want to use Google Authenticator because it's the best^{[citation needed]}

• Android version: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en_GB
• iOS version: https://itunes.apple.com/gb/app/google-authenticator/id388497605?mt=8

2. Pop over to Special:OATH

3. Scan the QR code with Google Authenticator (or enter the two-factor account name and key if you're using something else)

4. Enter a verification code from your app into the OATH screen to complete the enrollment.

That's it, you're all set up

Please note: Using a windows based TOTP client slightly decreases the effectiveness of a two-factor system - if someone has access to your PC and your password, they will still be able to log in

1. Download winauth^[1] (https://winauth.com/download/) onto your Windows PC.

2. Pop over to Special:OATH

3. Enter the two-factor account name and key from the OATH screen into the program. It should show you where to put it.

4. Enter a verification code from winauth into the OATH screen to complete the enrollment.

That's it, you're all set up

2FA is a method of computer access control in which a user is only granted access after successfully presenting several separate pieces of evidence to an authentication mechanism – typically at least two of the following categories: knowledge (something they know), possession (something they have), and inherence (something they are).

• Once you've entered the verification code, you will also be presented with a series of one-time scratch codes. Safely store a copy of these codes, should you lose or have a problem with your TOTP client you will be locked out of your account unless you have access to these codes.

See the meta help page - this is quite technical