Thinking more about the entrepreneurship journey

picture of a coffee cup since coffee fuels the entrepreneur's journey
Photo by Danielle MacInnes on Unsplash

I wrote a piece over on the GoDaddy blog with some thoughts on the entrepreneur journey, and I wanted to make sure I captured a few of the key points here as well. (That said, you can hop over there to read the full thing.)

The gist: There are four key steps on the entrepreneurship journey: dreaming about what you want to do, actually getting going and creating the venture based on that idea, growing the venture, and then ongoing management once it’s up and running.

Underpinning all of that are the human factors: staying healthy, connecting with others who are also in the community of entrepreneurs, and sharing some of your energy back to the other folks who are also going down the path.

Visually, it kind of looks like this:

GoDaddy entrepreneur journey graphic

The interesting thing about this entrepreneurship journey framework is that it can be used in three ways:

  • As a diagnostic, to determine where you are on the journey (Dream It, Create It, Grow It, or Manage It stage)
  • As a benchmark, to determine where you are in comparison to others (your peers and/or competitors)
  • As a roadmap, to determine what to do next on on the journey (are you currently in the Dream It stage – then there are particular things you need to do in order to move forward into the Create It stage of the entrepreneurship journey)

A few weeks ago, I had the opportunity to present this framework at the Cal Poly SBDC incubator, with really positive feedback. (If you want to check out the full entrepreneur journey presentation and slide deck, just click that link.)

For folks who have started their own thing: Does this framework hold for you and does it align with your experience? Would love to hear your feedback!

How to set up an AWS IoT button

Let’s make a Boop Button.

A couple of weeks ago, I saw that Amazon had made their AWS IoT button available. This is the same base hardware they use for their “Dash” buttons, and I thought it might make a fun weekend project to see what I could do with an internet of things button that could be programmed. Plus, who doesn’t want an excuse for a little weekend hacking? It was Maker Faire weekend last week, after all, and I felt inspired. I ordered a couple of the buttons from Amazon for about $20 each. They showed up a couple days later via Amazon Prime.

The button itself is pretty much the simplest thing possible; it’s a chunk of plastic about the size of my thumb, with a big white button on it and a tiny LED.

AWS IoT button picture

I started thinking about the fun things that could be done with the push of a button. I could control a Philips Hue lightbulb! Or have it play music! Oooh, it could turn on the coffeemaker! Summon a Tesla! Launch a rocket! My imagination went wild for a while. After thinking about it for a bit, I decided to start with something a little more straightforward. I decided to see if I could make it so that when someone pushed the button, the system would send me a text message that said “Boop!”


Here’s everything I needed to do in order to configure the “Boop Button.”

UPDATE #1: I just received a very nice note from Jinesh Varia, who is part of the Amazon AWS developer relations team. They have made a few changes to the process. I’ve included Jinesh’s email at the bottom of the post, which updates Step 3, Step 5 and Step 6. I’ll inline the changes here at a future time when I’ve had a chance to grab screenshots and such.

1. Set up an AWS account

You’ll need an AWS account to use your AWS IoT button. Set up an account here Once you’ve done this, it would be adviseable for you to have a look at some aws cloud monitoring options that can ensure that your cloud computing never runs into any serious issues that could put your data at risk.

2. Understand a few terms

Within the AWS IoT button world, there are a few concepts that it took me a few minutes to wrap my head around regarding a “device,” the associated “certificate and key” and a “policy.” If you don’t have any much knowledge on AWS, I would recommend doing something like this aws certified developer associate practice exam beforehand. AWS can be quite tricky to understand, especially if you’re a beginner, so taking a certified exam might help you out with the gaps in your knowledge.

  • Thing (also called a Device) – This is a representation in your AWS account of the IoT button itself.
  • Certificate and Key – These are two files you’ll need to secure the interactions between your AWS IoT button and the Amazon AWS service.
  • Policy – This is a list of the AWS IoT services that your button should have access to.

Those pieces all work together to form the basis of the infrastructure that your IoT button will talk to. Let’s set them up and get those pieces in place.

3. Configure your device, certificate, key and policy

Go to and login to the console. It’s important to note the UI on this page is horrible. There’s a button called “Login to the Console.” Click that one.


Clicking on the “Login to the Console” button will take you to a simple wizard that does a lot of the behind the scenes configuration for you. Fill out the fields on the wizard and click “Generate certificate and keys.”


Important! Download both the certificate file and key file to your computer. You’ll need them in the next step to configure the button itself. Got both the certificate and the key files created and saved locally on your computer? Good. Let’s keep going.

The confirmation screen also should also list “endpoint subdomain” and “endpoint region” information. Write these down. You’ll need them in the next step. They tell your button where to send its information when you press it.

It’s now time to configure the physical button itself.

4. Connect the AWS IoT button to your wifi network

This next part of the process involves configuring the physical button itself. First, you’ll need to disconnect your computer from your primary wifi network and connect the computer to the IoT button in order to configure the button so the button can talk to your primary wifi network.

  • Hold down the white button on the IoT button for five to ten seconds until the LED on the IoT button flashes blue. This means the device is now in its configuration mode and it has started up its own wifi network access point.
  • Connect your computer to the wifi network that the button created. The network will be named something like “Button ConfigureMe – X99” and it requires a password. The WPA2-PSK password to connect to the button’s wifi network is the last eight digits of the device serial number written on the back of the button.
  • Once your computer is connected to the Button ConfigureMe network, go to 192-168-1-1 is your router IP address, for more information on what you can do with this, follow that link. The page is a configuration page that the button is serving up from a tiny little web server built into the button itself.
  • Fill in your primary wifi connection information on the form, upload the certificate and key from the previous step, and fill in the “endpoint subdomain” and “endpoint region” information you wrote down a moment ago.

At this point, the LED on your IoT button should flash white a number of times, and then it should flash green. The white flash means it’s connecting to your primary wifi network, and the green flash means it was able to connect to the AWS endpoint. This is good! (If you see it flash red, that means that something was misconfigured. Amazon has published a list of what all the IoT button LED codes mean. The Troubleshooting Guide at the bottom of this page explains all the flashing LED codes.)

5. Set up the rule that will fire when the IoT button is pressed

So far so good! Your button now is configured and can send a message to the AWS infrastructure. Now, let’s configure a rule to fire on AWS when it receives the message from your button. This rule will live on the AWS “Lambda” infrastructure, which is their engine for things like this. If you were working through the wizard on the prior step, clicking “next” should take you to the page to set up the function. If for some reason it didn’t you can click here and get to the right page in the wizard to set up the function.

In the first phase of getting the Boop Button to work, pressing the button sends me an email, and then I’ll use that email as a trigger to send me the “Boop!” text message. It’s a simple way to see if I can get all the parts to execute together. This sample function brought up by the wizard sends an email when it receives a message from the IoT button. That’s handy.


In this step of the wizard, fill in a name for your function, and then make a couple of tweaks to the sample code.

On Line 8, update the constant to the email address you want to receive a message when the IoT button is pressed.

Read lines 10-15 of the sample code carefully. I missed this the first time I did this and it took me forever to figure out what was wrong.

* NOTE: Your function’s execution role needs specific permissions for SNS operations.

* Copy the following policy JSON document below. When you select an execution role for

* this function, choose “Basic execution role”. In the new tab that opens, expand “View

* Policy Document”, click Edit, and replace the entire policy document with the copied

* one. Then, click Allow to create your new execution role.

What this means is copy the JSON object on lines 16-40 and save them for the next step.

Choose “Basic execution role” from the dropdown.


This will open up a new window. In that new window, expand the policy document, choose “Create a new Role Policy” and click “Edit.” Then paste the JSON object you copied a few seconds ago into the box (replacing the original contents of the box), and click “Allow” in the lower right to create the role.


You should see a message that says “Successful” and you should be returned to the screen you were just on.

Click “Next.”

You should now be on a review screen.


All should look good. Click “Create function.”

The system will now take you to a screen where you can enable this function. If state is “disabled,” click on the link to toggle the state and enable the function.


6. Test the AWS IoT button

Ok, deep breath. Let the system settle for a minute or two, and now it’s time for the first test. Press the big white button on your IoT button once, like ringing a doorbell. What should happen is the following:

  • It should flash white a few times as it connects to your wifi.
  • It should then flash green as it sends the message to AWS.
  • AWS will execute the function and should send an email.

Let’s see what happened.


Ok, from here on out it’s a cakewalk.

I set up an If This Then That (IFTTT) rule to listen for an email from my IoT button and, if I get that email in my Gmail box, to send me a text.


Let’s see what happens.

I push the button.

An email shows up in my Gmail, and…I just got a text message. It works!


7. Summary

One thing I learned from getting the Boop Button working is that while the Amazon documentation is technically all there, it’s sometime disjointed and difficult to follow. The key steps are:

  • Get an AWS IoT button
  • Set up the AWS thing, certificate, key and policy in your AWS account
  • Install the certificate and key on the physical AWS IoT button, connect the IoT button to your wifi network and ensure it can connect to AWS
  • Set up the rule that will fire when AWS receives the message from the IoT button

The first time through, this took a couple of hours to get everything working. Now that the basics are in place, next enhancement is to see if it’s possible to send an SMS directly from Amazon and not need to go through IFTTT. After that, another future enhancement is to use the IoT button to call other arbitrary functions instead of sending an email.


Further reading

While the example above takes one through a wizard that sets up the policy, certificate and key, there is another page that does the same things in a more manual fashion. It took me forever to find this page, and there were a few false starts, but there are some good additional resources here:

UPDATE #1 (continued):

Here is the note I received from Jinesh at Amazon.

“Hi Christopher,

I work on the AWS IoT Team and currently manage the AWS IoT Button project. I have been at AWS almost 10 years now.

First, Thanks a lot for the excellent blog post. We have sent the reference to multiple customers on how to get started quickly. But most importantly it has helped me and my team to know what we need to fix. In the spirit of customer obsession, primarily driven by your blog post, we have made a few updates that will simplify the getting started experience:

Step 3: you can find the blueprint now in the Lambda console “Create Function” by just typing “button” in the filter box. You will also get this link now in the IoT Console so its easy to find.

Step 5 (most important one): We have updated the console wizard now so the SNS permissions template is pre-selected with the blueprint and long Step 5 is now not needed anymore. This was our biggest pain point today so thanks for giving us the feedback and with the new deployment, developers don’t have to do all the steps.

Step 6: One more way to test the button is to use the MQTT Client in the browser. Subscribe to the topic “iotbutton/+”

Your post is excellent and we will continue to refine and make it even more easier for developers to get started with the button. I would be highly obliged if you can update the post with the above edits so your readers get the most updated information.

I would love your additional feedback if there is any way we can further improve: More blueprints, More easier way to get started, more ideas for developers?


The Times Square snowboarding video: Why it went viral

Times Square snowboarding in the New York Blizzard in 2016.
By now you’ve probably seen the video of the guy snowboarding through Times Square while being pulled by a Jeep. It can seem like a random occurrence when viral videos* happen. All of a sudden, out of the blue, it seems like something catches on fire and instantly it is everywhere.

Let’s take a few minutes and dissect everything that had to happen for this “random” occurrence to come to pass.

Step One: Bust your ass for five years or more.

Remember that video from 2011 of the random guy riding in the bike lanes of New York City? The entire video was of a bicyclist crashing into cars and obstacles that were obstructing the bike lane. That bike lanes video was done by a guy named Casey Neistat, who was peeved that he’d received a $50 fine from the NYPD for riding his bike in the regular traffic lanes.

You know who made this snowboarding video? Casey Neistat. He’s been honing his craft, making videos day in and day out out for over half a decade.

Here’s the video, in case you hadn’t seen it yet. It’s awesome.

Step Two: Hustle. Always.

If this video had gone out tomorrow (Monday), he probably would have been too late. He and his team knew they had their window where they could catch the zeitgeist. They had to publish it today if they were going to do it at all.

Step Three: Have a kick ass team that is no bigger than it needs to be.

The core of this video was done with three people. One person to ride, one person to shoot, one person to drive the Jeep. There’s no crew, there’s no committee. Everyone’s a doer.

Step Four: Start from a position of strength

Casey’s channel has over 1.8 1.9 million subscribers. He has a legion of followers. He publishes videos nearly every day. Not every one of his videos will go “viral.” Not even close. However, having that consistent connection with his community means that the stage is set for something to take off when the opportunity arises.

Step Five: Be willing to throw stuff away and break things to do something great.

They dumped multiple cameras in the snow during the shooting of this. While the final video was under three minutes, they were clearly out there for hours getting everything they needed. The majority of the footage that was shot will never see the light of day, and that’s ok.

Step Six: Everyone knows there is snowmaggeddon drama in New York and Times Square today

There is already massive attention focused on New York and the East Coast today. This video wasn’t creating a new wave, it was catching one that was already rocketing along.

Step Seven: Did I mention hustle?

From the behind the scenes video, they said they started shooting at nine in the morning and finished everything up, including editing, at one o’clock the next morning. If my math is right, that is 16 hours of focused time in the zone over the course of a single day to get this done. It had to be done, so they did it.

Step Eight: Have the right team

Per the point above, it’s not just important to have a focused team, it’s critical to have the right team. For this effort, it sure seemed like everyone knew their role, be it driver, boarder or cameraman. Everyone on the team knew what to do before the snow even started falling. High-functioning teams have muscle memory, and don’t need to think about what to do next. They just do it. As such, folks could play their position and do exactly what they needed to do, and not get in each others’ way. This sure appears to be a high-functioning team. People were not running into each other trying to figure out who should be working on what. Everyone knew what to do.

Step Nine: Create something that works

The video itself is fantastic. They started with the spectre of conflict with the NYPD. They also set the stage right out of the gate that this is something that it is fun, uncommon, and a little bit illicit and perhaps even illegal. That builds drama and builds interest throughout the video in what the outcome will be.

The shots are tight and the editing was great. I don’t think there’s a single shot in there that is over three seconds before the next cut.

There is a narrative, a protagonist and a host of supporting characters. You have the “stars” doing the actual riding behind the Jeep, but there are a number of outstanding interactions with passersby that happen a few times during the video. Throughout, the vibe that permeates the video is that this is fun, this is a community thing, and this is something that anybody could do. They even bring some of the folks from the street into the fun as well. The entire video feels participatory, not exclusionary.

Above and beyond the images of riding a snowboard through Times Square and the streets of New York, the shots had something unexpected in almost every scene. The high drone shot is outstanding. And seeing someone pass through a car-free Times Square is something that we rarely see.

The story arc comes around and resolves at the end of the video. While I smiled at nearly every scene, I also spent the entire video wondering when they were going to get busted. They finally do get pulled over — and the reaction of the cops is priceless and unexpected. They nailed the title of the video as well, setting up its inherent tension and conflict.

People love stories.

Step Ten: There was more to the story.

They shared the behind the scenes making of this as well; that is a much longer and deeper piece. Also of note: the first time I clicked through to the behind-the-scenes video, I did see a full-length ad that required viewing before the behind-the-scenes video could be seen. This was totally OK with me. I had gotten the initial “fun” video without any ad intrusions, and I was certainly fine sitting through a 15 second preroll to see everything that went in to making this piece of joyousness. From my standpoint, that approach showed respect for the audience. Instead of trying to immediately jump on and throw an ad to block things in the initial video, I wonder if they made the explicit call to have the initial video accessible with zero friction and try to make a couple of bucks off of the clickthroughs to the behind-the-scenes video.

Here’s the behind the scenes video. A lot of work and hustle went into this.

Step Eleven: Assume things will go wrong, and plan for that.

In the behind the scenes video, you’ll see the videographer backing up video files as they are going along, just in case something went sideways. He also notes that they trashed a number of cameras, and their primary camera, that they probably would’ve used without mishaps, actually shot some of the worst footage. It sounds like they thought they used the wrong lens, which is why video coming out of the “gimbal camera” was foggy and not as clear as the other shots. Things happen. Play the hand you’re dealt.

So what’s the secret to going viral?

Big wins like this are not completely unexpected. Success is not a lightning striking randomly thing. So what’s the secret to success?

  • Number one: Bust your ass for years.
  • Number two: Hone your craft.
  • Number three: Be willing to throw things away.
  • And number four: Hustle.

* – By the way. I hate that term with the fire of a thousand suns.

BrainPickings on the source of creative breakthroughs


The most significant human achievements between Aristotle’s time and our own — our greatest art, the most enduring ideas of philosophy, the spark for every technological breakthrough — originated in leisure, in moments of unburdened contemplation, of absolute presence with the universe within one’s own mind and absolute attentiveness to life without, be it Galileo inventing modern timekeeping after watching a pendulum swing in a cathedral or Oliver Sacks illuminating music’s incredible effects on the mind while hiking in a Norwegian fjord.

From today’s BrainPickings. Read it.

Photo Credit: Pavel Lunkin via Compfight cc

Annual performance reviews are now out of vogue

When I was at Andersen Consulting, Accenture’s precursor, the “forced ranking” review cycle was the norm. Managers were given a curve, and had to map their team to that curve — you could only have x% “super high performers” and y% typical performers and, by fiat, z% of the team had to fit into the “lower performance” part of the curve. It’s notable to see how now, not-that-much-later, they’ve turned 180 degrees.

In big move, Accenture will get rid of annual performance reviews and rankings?(WaPo)


Our evening with Keith Haring

On February 12, 2015, a small group of friends?had the rare opportunity to take a private tour of the exhibit “Keith Haring: The Political Line”?at the de Young Museum in San Francisco. Julian Cox, curator of the exhibit, shared his perspective throughout the tour. Click on any image in here to see the full set of snaps.


While I had known about Haring’s work through its ubiquity?in pop culture in the 80’s, I wasn’t aware of the insane volume and breadth of work he created in just a few short years. I also wasn’t aware of the full extent?of media in which he worked. Graffiti? Check. Oil on canvas? Check. Sculpture? Check. Paint on tarps (tarps?). Check. Prolific doesn’t begin to describe it. Sharpie on metal? Sure. Paint an entire car? Let’s do that as well. Crushingly,?Haring was active for less?a decade in the public eye; he died in 1990 at age 31 of complications from AIDS.


In describing most of the work we saw, “subltely” was not a word that would typically be used to describe it — day glow colors, shocking imagery, garish forms. There was?even a 14′ phallus. (Yup.)


That said, there was one piece I could spend hours or days thinking about. The Last Rainforest, which was painted in 1989 only a few months before Haring’s death, is breathtaking.

The Last Rainforest
Keith Haring: The Last Rainforest (1989)


I highly recommend clicking through on the image above, and then zooming in on the detail. It’s as complex a story as Rodin’s depiction of Dante’s Inferno in the?The Gates of Hell. It’s absolutely mind-bending in its complexity and in the number of stories that are included.

After the tour, we had the opportunity for our small group to take over one of the galleries for an incredible meal. (It was kind of like this, but without quite as much Russell Brand.)

All in all, an enlightening evening. Would do it again in a heartbeat.



Tools I use: Plus/Delta

There are a few tools I use on an almost weekly basis. Some of these help me get more stuff done, some of them help me do things better. One of these tools is Plus/Delta.

Plus/Delta is dead-simple. Two columns, one labeled “Plus” and one labeled “Delta.” You can do it on a whiteboard, on a collaborative Google Doc (here’s one), on paper, on Post-Its or on index cards. Have a facilitator scribe, or have the participants write their Plusses and Deltas on notecards or on Post-Its. Have the participants in the session articulate what worked well (“Plus”) and what they would change for next time (“Delta”). Capture everything, summarize the key points, learn from it and iterate. The whole process shouldn’t take more than 10-15 minutes.


It pretty much works with any size group; I’ve used it in groups up to about twenty or so. If the group is really large, break it into smaller subgroups and have each group do its own Plus/Delta. Then have each group pick a representative to share?their results to everyone in the larger group in turn.

Plus/Delta works best when you make it a default part of a process. It’s just “the thing you do after you did something else.” For example:

  • Did you just do a two-day workshop? Have the participants engage in Plus/Delta near the end of the second day in order to understand how to do a better workshop next time.
  • Did you invest time to go to a conference? Plus/Delta.
  • Did your team pitch a project to a client? What do you do when you get back to the office? Plus/Delta.
  • How did that last development sprint go? Plus/Delta.
  • Is that an antelope driving a car? Plus/Delta.?(Nope.?Chuck Testa.)

You can learn more about Plus/Delta in the book Gamestorming, by Dave Gray,?Sunni Brown and James Macanufo. It’s one of dozens of tools in the?very rich Gamestorming tool kit.

By the way, this post came about as part of the Weekly Post Challenge, proposed by Dre Armeda. You can find a few other posts from this week by Mendel Kurland,?Kelley Koehler, Chris Ford, Matt Medeiros,?Dre Armeda?and an epic post from John Hawkins on how to produce a podcast.

image: Johanna Kollmann via cc by 2.0


You’re doing awesome

Just saw a great lightning talk from Mickey Kay at WordCamp SF 2014. It was only about five minutes long, and was a great reminder of the fact that we are all newbies. Even if you’re an “expert” in a field, there’s always more to learn. More importantly, if you are truly a n00b, there is one thing to remember, first and foremost. That thing is: You’re doing awesome.

Mickey Kay

You’re trying. You’re doing. You’re actually moving forward, even if it doesn’t feel like it at times.

Mickey then shared his three rules for keeping the forward momentum going.

Make as much as possible.

Make as much as possible. Be a creator. You power through the newbieness by getting your hands dirty.

Share your problems.

Share your problems. As much as you like to think it, you’re not a unique snowflake. Someone else has had this problem before. Maybe they can help you. Or, if someone else is also having the problem now, maybe you can work on solving it together.

It’s okay to not know.

It’s okay to not know. You don’t know everything. Neither does anyone else. In Mickey’s anecdotal survey of a number of “experts” in the WordPress field, he said that over 40% stated that they are often exploring new ground when they’re trying to solve a problem. There are no rote answers. It’s okay to be discovering as you go along.

Good reminders for all of us.

It’s most definitely go time: I’ve joined GoDaddy

It’s official: I’ve joined GoDaddy. I am incredibly stoked.

(Ob disclosure: while I’m now an employee of GoDaddy, these are my personal opinions.)

This is a company that has gone through an incredible maturation process in the past few years, and where the company is now is miles ahead of where it was even 24 months ago, both in brand and in product. The T&A Super Bowl ads are long gone, the products are getting solid reviews, and a lot of attention is being paid to customers: from?small businesses?to?web designers and developers?(including WordPress, Drupal and Joomla!) to mobile and local.

In particular, I’ll be working with our customers?who are web professionals, ensuring that we’re?engaging with communities of designers and developers and delivering the content, community and product that help this very important constituency kick ass.

Tomorrow is my first “official” day.

Let’s go!


New job == new swag sweatshirt. Bonus.

How to enable two factor authentication on 50 top websites including Facebook, Twitter and others

Padlock 800px

Two factor authentication (also called 2FA) is the term for a second form of authentication that is required before a web service allows you to log in. Many web users decide to combine that with their own vpn (check out the best vpn for canada for more information) to further increase their online security when making use of web services. Typically, 2FA is enabled by sending a text message with a one-time code to your mobile phone, which you then need to enter in addition to your password. (This is often referred to as needing to have “something you know” such as your password, and pairing it with “something you have” such as your phone.)

Decided to do a little research on a number of common web services, in the wake of the Heartbleed bug from this week. While engaging in a best practice such as using a different password for every site and managing those passwords through a password manager (e.g. LastPass or 1Password) can provide an increased level of security, enabling 2FA is another highly recommended tool in the personal security toolbox. So, without further ado, here are the links to enable 2FA for fifty top websites. If you see any errors, or have other sites to add, please leave them in the comments and I’ll try to update this list.



How to enable 2FA

Adobe Creative Cloud

Adobe Creative Cloud does not currently support 2FA.

N/a and Amazon Prime do not currently support 2FA.


Amazon Web Services (AWS)

“AWS Multi-Factor Authentication (MFA) is a simple best practice that adds an extra layer of protection on top of your username and password. With MFA enabled, when a user signs in to an AWS website, they will be prompted for their username and password (the first factor – what they know), as well as for an authentication code from their AWS MFA device (the second factor – what they have). Taken together, these multiple factors provide increased security for your AWS account settings and resources.”

Apple iCloud

“Two-step verification is an optional security feature for your Apple ID. It requires you to verify your identity using one of your devices before you can:

Sign in to My Apple ID to manage your account.

Make an iTunes, App Store, or iBooks Store purchase from a new device.

Get Apple ID-related support from Apple.

Turning on two-step verification reduces the possibility of someone accessing or making unauthorized changes to your account information at My Apple ID or making purchases using your account.”

Apple iTunes

“Two-step verification is an optional security feature for your Apple ID. It requires you to verify your identity using one of your devices before you can:

Sign in to My Apple ID to manage your account.

Make an iTunes, App Store, or iBooks Store purchase from a new device.

Get Apple ID-related support from Apple.

Turning on two-step verification reduces the possibility of someone accessing or making unauthorized changes to your account information at My Apple ID or making purchases using your account.”

Bank of America

“The SafePass feature is Bank of America’s extra layer of protection against fraud and identity theft as you use Online Banking. The SafePass feature lets you authorize transactions using one-time, 6-digit Passcodes.”


“Add another layer of security to your account by enabling phone verification. Every time you sign in, we’ll send a text message to your mobile phone with a verification code. You can also verify your sign in with a phone call.

Phone verification will be applied to all the accounts you access with your ID. You’ll also be prompted for a security code on mobile devices.”


“For added security on your account, you can enable your smartphone as a second authentication method at login. Once two-factor authentication is setup, you will need to use it with your username and password at login.”


“Phone verification will be applied to all the accounts you access with your ID. You’ll also be prompted for a security code on mobile devices.”


BlueHost does not support 2FA.


“In order to enable 2-step login verifications for your users, navigate to the Security tab within Enterprise Settings. In the Application Management section, check the box next to the “Login verification” label. Please note that if Single Sign On (SSO) is enabled for your account, you will not be able to turn on 2-step login verification.”


“2-Step Login, adds an extra layer of security for your Buffer account. Whenever you log in to your account, after entering your username and password, you will be asked for a second authentication code that was sent to your mobile phone via text or free mobile app.”


CapitalOne does not support 2FA.


“When you first attempt to log in to Chase Online with using the Chase Mobile browser, we’ll ask you to verify that you own the accounts you want to access. To do this, you’ll need to request an Identification Code, which you can receive by phone, email or text message. When you receive your Identification Code, use it to complete the activation process and log in to the secure site on This helps protect your accounts from unauthorized access, even if someone has your login credentials.”


“With web performance and security being the core of CloudFlare, we are always looking for ways to improve not just our customers’ website security, but their account security as well. Therefore, we are excited to now offer two-factor authentication for all CloudFlare accounts.”


“Two-factor authentication is a great way to make your Coinbase account more secure.

What is it? Well, it’s a fancy word that basically means “getting a pin code on your cell phone” when you log in.”


“Multifactor Authentication is a way to increase the security of your account that requires you to enter additional one-time passcodes before you can gain access to your DreamHost account. It’s a smart move that can help to protect you from hackers and website hijackers.”


“Two-step verification is an optional but highly recommended security feature that adds an extra layer of protection to your Dropbox account. Once enabled, Dropbox will require a six-digit security code in addition to your password whenever you sign in to Dropbox or link a new computer, phone, or tablet.”


eBay itself does not seem to support 2FA, but purchases completed using eBay’s PayPal do support two factor authentication. Update: @tehdpeh has pointed out that eBay uses the same 2FA system as PayPal

Via PayPal


“When you first joined Etsy, you entrusted us with the responsibility to protect the personal information necessary to set up an account, make a purchase, or open a shop. In turn, we ensure that each new feature we launch on Etsy lives up to our high standards of security and Internet privacy. We are happy to share that today we’re launching three new optional security settings that offer Etsy members further control and visibility into their accounts. Additionally, as our platform has evolved in the last year, we’ve revisited our policies and are making several changes to our Privacy Policy. I’ll walk you through both below.”


“We take the security of your data very seriously. Several months ago, we introduced two-step verification along with several other security features. Today, we’re opening two-step verification up to everyone.”


“Facebook has always been committed to both protecting our users’ account and information, as well as giving them more control over their Facebook experience. From our User Operations team, who work to re-secure compromised accounts, to the Engineering team that designs and implements new security features like login notifications, one-time passwords, and remote session management, everyone at Facebook is working to ensure users have a safe, enjoyable experience.”


“Two-factor authentication, or 2FA, is a way of logging into websites that requires more than just a password. Using a password to log into a website is susceptible to security threats, because it represents a single piece of information a malicious person needs to acquire. The added security that 2FA provides is requiring additional information to sign in.

In GitHub’s case, this additional information is a code delivered to your cell phone, either as a text message (SMS) or generated by an application on your smartphone. After 2FA is enabled, GitHub generates a security code that is sent to your phone any time someone attempts to sign into your GitHub account. The only way someone can sign into your account is if they know both your password and have access to the security code on your phone.”


“2-Step Verification adds an extra layer of security to your Google Account, drastically reducing the chances of having the personal information in your account stolen. To break into an account with 2-Step Verification, bad guys would not only have to know your username and password, they’d also have to get a hold of your phone.”


“Two-Step Authentication adds another layer of security to your account by texting you a validation code to enter whenever you log in or make important account changes.”

Google Apps

“2-Step Verification adds an extra layer of security to your Google Account, drastically reducing the chances of having the personal information in your account stolen. To break into an account with 2-Step Verification, bad guys would not only have to know your username and password, they’d also have to get a hold of your phone.”


“2-Step Verification adds an extra layer of security to your Google Account, drastically reducing the chances of having the personal information in your account stolen. To break into an account with 2-Step Verification, bad guys would not only have to know your username and password, they’d also have to get a hold of your phone.”


“HootSuite’s 2-Step Verification security feature uses Google Authenticator (powered by Google) to enhance the protection of your HootSuite account.

Google Authentication uses something your know (your password) and something you have (your mobile device). You will receive a short numeric code on your mobile device to enter in addition to your username and password. Each code has a one-time use, and a new code will regenerate every 30 seconds.

Paired with HootSuite’s Location Verification System, your HootSuite account has added protection no matter where you are.”


HostGator does not support 2FA.



Instagram does not support 2FA.


Intuit TurboTax

Intuit TurboTax does not support 2FA.



“Two Factor Authentication (TFA) is a 100% Open Source, free to use security system for your Joomla site’s backend. Two Factor Authentication works in collaboration with the Google’s famous Authenticator App.”


“At LinkedIn, we are constantly looking for ways to improve the security of our members’ accounts. All LinkedIn accounts are already protected by a series of automatic checks that are designed to thwart unauthorized sign-in attempts. Now, we are introducing a new optional feature that adds another layer of security to your LinkedIn sign-in: two-step verification.”


“AlterEgo is a MailChimp app designed to add two-factor authentication to your account. Integrating AlterEgo with MailChimp helps keep your data safe by providing an additional layer of security that must be breached before an attacker can access your account. Because we feel so strongly about security, we also offer a 10% discount for MailChimp accounts integrated with AlterEgo.”


“The PayPal Security Key creates random temporary security codes that help safeguard your PayPal account when you log in. It comes in 2 types, each with different advantages:

Security key: You carry this small credit-card sized device with you. It creates a unique security code on the go.

Mobile phone security key: You can sign up to get security codes sent by text message to your mobile phone.”


Pinterest does not support 2FA.


“Two Factor Authentications – is a system wherein two different methods are used to authenticate. Using two factors as opposed to one delivers a higher level of authentication assurance.”


Secret does not support 2FA.



Snapchat does not support 2FA.



Soundcloud does not support 2FA.



StackOverflow does not support 2FA.



“Steam Guard is an additional level of security that can be applied to your Steam account. The first level of security on your account is your login credentials: your Steam account name and password. With Steam Guard, a second level of security is applied to your account, making it harder for your Steam account to fall into the wrong hands.”


SurveyMonkey does not support 2FA.



Target does not support 2FA.



“TFA makes it especially difficult for anyone other than you (e.g., hackers, exes, et al) to access your Tumblr account. How? Well, aside from your regular login info, you’ll need a couple extra things to get to your Dashboard:

Your phone (which you’ve password-protected, right?)

A unique, single-use code (sent via text or generated by an authenticator app)”


“Every day, a growing number of people log in to Twitter. Usually these login attempts come from the genuine account owners, but we occasionally hear from people whose accounts have been compromised by email phishing schemes or a breach of password data elsewhere on the web.

Today we’re introducing a new security feature to better protect your Twitter account: login verification.

This is a form of two-factor authentication. When you sign in to, there’s a second check to make sure it’s really you. You’ll be asked to register a verified phone number and a confirmed email address.”

Wells Fargo

WellsFargo does not support 2FA.


“The Google Authenticator plugin for WordPress gives you two-factor authentication using the Google Authenticator app for Android/iPhone/Blackberry.

If you are security aware, you may already have the Google Authenticator app installed on your smartphone, using it for two-factor authentication on Gmail/Dropbox/Lastpass/Amazon etc.

The two-factor authentication requirement can be enabled on a per-user basis. You could enable it for your administrator account, but log in as usual with less privileged accounts.”


“For Yahoo! checks not only the password when somebody-you, hopefully-attempts to log in to your account; it also looks at the location and computer whence the attempt is made. If one looks suspicious (say, a device you’ve never used before), Yahoo! Mail can require more than merely the password-if you have two-step authentication enabled.”


“2-Step Verification adds an extra layer of security to your Google Account, drastically reducing the chances of having the personal information in your account stolen. To break into an account with 2-Step Verification, bad guys would not only have to know your username and password, they’d also have to get a hold of your phone.”