Protecting Your Yahoo! Mail With 2-Step Authentication

Keep your personal information safe with two levels of security

keyboard message, mail
 Kizilkayaphotos/Getty Images
by Heinz Tschabitscher
Updated June 03, 2018

Two-factor authentication (2FA), also called two-step authentication, is a security protocol that requires two different method be used together to gain access to a specific application or program. For example, when logging into your bank, having a username and password may not be enough. You may also have to identify a picture, that you've chosen previously, to prove that you are who you claim to be.

That extra layer of security is for your protection, and with two-step authentication, two layers of security can also protect your Yahoo! Mail account from suspicious login attempts.

How Secure Is Your Email at Yahoo!?

Your Yahoo! Mail account is only as secure as your password for it. Yahoo! checks not only the password when somebody attempts to log in to your account; it also looks at the location and computer from where the attempt is made. If one looks suspicious (say, a device you've never used before), it can require more than merely the password – but only if you have two-step authentication enabled.

In that case, a second detail is required for logging in, either entering a code sent to your cell phone or answering security questions. (You can also turn off the latter and require mobile phone verification.) Your Yahoo! Mail account is then as secure as your password and access to your mobile phone.

(For a similar degree of security, Yahoo! Mail also offers Access Key log-on via a mobile app.)

Protect Your Yahoo! Mail Account with 2-Step Authentication

To add a second layer of authentication for suspicious log-in attempts (from a new country, for example) to your Yahoo! Mail account:

  1. Hover the mouse cursor over your name or icon in the top Yahoo! Mail navigation bar.
  2. Select Account Info from the menu that appears.
  3. If prompted:
    1. Type your Yahoo! Mail password under Password.
    2. Click Sign In.
  4. Follow the Set up your second sign-in verification link under Sign-In and Security.
  5. Make sure Check this box to turn on the second sign-in verification is checked under Further Protect Your Account.
  6. If you already have a mobile phone number associated with your account:
    1. Click Use Current Phone to use it for two-step authentication
    2. Or, click Use New Phone to use a different phone number.
      1. Note that the form on this page may not allow you to enter phone numbers in all countries to which Yahoo! can actually deliver verification codes. (You can add those mobile numbers on your account page; see below.)
  7. If you have not yet set up a mobile phone number or chose Use New Phone:
    1. Enter your phone number under Second Sign-In Verification Setup: Add Mobile Phone.
    2. Click Receive SMS.
  8. Type the verification code received at the number under Enter code: (the code is not case-sensitive).
  1. Click Verify Code.
  2. Choose Use only my mobile phone number for verification under Your second sign-in verification is turned on to require the use of SMS text message verification ​or Use either my security question or mobile phone number for verification to allow two-step authentication with password and security question.

Note that two-step authentication will not apply to Yahoo! Mail accessed via POPon mobile devices, or IMAP; for these, you can create application-specific passwords.

Add a Mobile Number Not Recognized on the 2-Step Verification Form 

To set up a new cell phone number for recovering access to Yahoo! Mail:

  1. Click your name or avatar in the top Yahoo! Mail navigation bar.
  2. Select Account Info from the menu that shows.
  3. Follow the Update password-reset info link under Sign-In and Security.
  4. Click Add another under Mobile Numbers.
  5. Enter your mobile phone number.
  6. Click the country code to pick a different one.
  7. Click Save.