Reddit has finally rolled out two-factor authentication (2FA) after months of testing with beta users, moderators, and third-party app developers. Reddit’s 2FA adds a second layer of security by prompting you to enter a 6-digit verification code generated by your phone after entering your password. The security tool works across desktop, mobile, and third-party apps, and requires an authenticator app like Google Authenticator, Authy, or any that supports the Time-based One-Time Password (TOTP) protocol.

To enable 2FA, log in to your Reddit account, click on preferences in the top menu, then select password/email. Select the option to enable two-factor authentication, then follow the prompts to complete set-up.

The extra security means that if someone else has your password, they still wouldn’t be able to log into your account. Reddit’s 2FA security can also generate ten backup codes, so if you lose your phone or have trouble with the authenticator app, you can still access your account with one those single-use codes. Obviously, these should be stored some place safe. Reddit doesn’t offer support for hardware tokens or codes sent over SMS.

Most websites offer 2FA, and though it can provide meaningful protection, it does have limitations. Earlier this week, a Google engineer revealed that more than 90 percent of active Gmail accounts don’t use 2FA. And remember, never ever reuse passwords that will assuredly end up in some deep web repository. Use a password manager to enable unique passwords instead.