Protecting Your Yahoo! Mail With 2-Step Authentication

Keep your personal information safe with two levels of security

keyboard message, mail
 Kizilkayaphotos/Getty Images
by Heinz Tschabitscher
An independent writer who has reviewed hundreds of email programs and services since 1997.
Updated September 14, 2018

Two-factor authentication (2FA), also called two-step authentication, is a security protocol that requires two different method be used together to gain access to a specific application or program. For example, when logging into your bank, having a username and password may not be enough. You may also have to identify a picture, that you've chosen previously, to prove that you are who you claim to be.

That extra layer of security is for your protection, and with two-step authentication, two layers of security can also protect your Yahoo! Mail account from suspicious login attempts.

How Secure Is Your Email at Yahoo!?

Your Yahoo! Mail account is only as secure as your password for it. Yahoo! checks not only the password when somebody attempts to log in to your account; it also looks at the location and computer from where the attempt is made. If one looks suspicious (say, a device you've never used before), it can require more than merely the password – but only if you have two-step authentication enabled.

In that case, a second detail is required for logging in, either entering a code sent to your cell phone or answering security questions. (You can also turn off the latter and require mobile phone verification.) Your Yahoo! Mail account is then as secure as your password and access to your mobile phone.

(For a similar degree of security, Yahoo! Mail also offers Access Key log-on via a mobile app.)

Protect Your Yahoo! Mail Account with 2-Step Authentication

To add a second layer of authentication for suspicious log-in attempts begin by logging into your Yahoo! Mail account. Then:

  1. In the upper right corner, click on your Account Icon, then click on the Account Info link.

    Screenshot of Yahoo Account Info screen from Mail interface

  2. This will open up a new tab. Click on Account Security in the left-hand column.

  3. Move the toggle for Two-step verification into the On position.

    Screenshot of Account security page for Yahoo's Two-step verification

    If you already have Yahoo Account Key enabled (like for Flickr), you'll need to turn it off here, as it is not compatible with Two-step verification.

  4. You're prompted to enter a mobile number. Once you've entered it, choose between Send SMS or Call me to receive an authentication code.

    When entering your mobile number, leave out any non-numerical characters. For example, enter 1234561234 rather than 123-456-1234 or (123) 456-1234.

  5. Depending on the method you chose, you should immediately receive a text or phone call with the verification code. Type the code received into the dialog box that appeared onscreen after you chose the method of contact..

  6. Click Verify.

  7. If the numbers match, you'll receive a success dialog with options to Create app passwords for apps that don't recognize or use two step authentication. You can also choose Skip for now if you would like to skip that process for the moment.

    Two-step authentication will not apply to Yahoo! Mail accessed via POPon mobile devices, or IMAP; for these, you can create application-specific passwords.

  8. That's it! From now on, you'll be prompted for an authentication code when logging in.