Help
What is this app?
Step Two is a two-step verification app, also known as an authenticator app. It’s similar to apps like Google Authenticator and Authy (but much better).
What is two-step verification?
Two-step verification adds an extra layer of security to your online accounts. When you enable two-step verification for an account that supports it, the next time you log in to that account, you’ll need a 6-digit code generated by Step Two. This makes your account more secure, because even if someone guesses that account’s password, they won’t be able to log in without a 6-digit code from Step Two.
Which online accounts support two-step verification?
Many popular websites, such as Google, Twitter, Amazon, and more, support two-step verification. Check out twofactorauth.org for a pretty comprehensive list of websites that support two-step verification.
How is this different from getting a two-step code via SMS?
SMS-based two-step verification is generally considered to be less secure than using an authenticator app. It’s also less convenient, because SMS delivery can be slow under poor network conditions. Step Two generates two-step codes on its own, rather than receiving them from the network. This means your two-step codes are always available the instant you need them.
How do I use Step Two with my Google, Twitter, Amazon, or some other online account?
If your online account supports two-step verification with authenticator apps, you’ll typically need to do the following:
Go to your account’s security settings and turn on two-step verification.
Next, you’ll be asked to scan a QR code with an authenticator app. You can do this in Step Two by tapping the + button in the top right of the user interface.
After scanning the QR code, you’ll see the account get added to Step Two, and the app will start generating two-step codes. The next time you log in to your account, you’ll need to enter a two-step code along with your username and password. Two-step codes are only valid for 30 seconds, so you’ll see them change pretty frequently.
For more specific instructions on setting up two-step verification with a particular account, check that account’s support website.
What is a secret key?
When you scan a QR code to set up two-step verification, that QR code contains a secret key. A secret key is like a password that is only known by your online account and Step Two. That secret key is then fed into an algorithm that generates two-step codes. Anyone who knows your secret key can generate two-step codes to log in to your account, so never share two-step QR codes with anyone.
On macOS, why does the Safari extension’s toolbar icon have a color-tinted appearance?
Safari on macOS tints an extension’s toolbar icon with your system accent color to indicate that the extension has access to the page. While Step Two never saves or transmits any information about your browsing history, it does need access to the pages you visit to be able to suggest accounts and autofill two-step codes. Most Safari extensions need access to the pages you visit to do anything useful, so you’ll see tinted toolbar icons for most extensions — not just Step Two. If you don’t like this, send your feedback to Apple. There’s nothing I can do about it.