(Credit: VectorKnight/Shutterstock)

If you're like most people, you use the same basic password for multiple websites, maybe changing a letter or number here and there, because multiple passwords and good passwords can be complicated to remember. We've talked a number of times about using a password manager to improve your passwords and eliminate the possibility of forgetting them.

But for that to really click, you need to pair password managers with app-based two-factor authentication (2FA). With this, the app generates a special code that only you can see, every thirty seconds, and you type that number into a website or app that supports it, after you've put in your user name and password. The website or app knows that the code is the right one because of how it synchronizes with your authenticator during the setup process.

SEE: How to use password manager apps and browser add-ons in 2019

App-based authentication is far more secure than SMS text messages, because texts can be intercepted or fail to arrive. But to be fair, 2FA apps do have one downside: If you lose access to the device that's generating your codes, it may be difficult or impossible to regain access to a given account.

Alternatively, you can use a cloud-based 2FA service like Authy (download for iOS or Android), in which case you only need to remember your Authy password -- but anyone else who gets that password will then have access to your 2FA codes. So 2FA systems won't solve all your problems, but they're generally much safer than sticking to your bad passwords and hoping that no one ever guesses or intercepts them.

Setting up app-based two-factor authentication on your Amazon account

Let's walk you through how the app-based setup process works, using the free Google Authenticator app as an example.

Step one is downloading the app for for iOS or Android, then going to a website you use that has the option for app-based two-factor authentication. The exact method varies from one website to the next, but we can use a popular example like Amazon to cover a lot of use cases. Here, activating 2FA will actually be a two-step process: enrolling your authenticator app in Amazon's 2FA program, then activating 2FA to protect your login process.

On a laptop or desktop PC, open a web browser and log into your Amazon account, then click this link to go directly to the account management page that lets you add the authenticator app. Then click the button next to Authenticator App, and whip out your phone to grab the QR code that appears.

When looking at your Amazon account page, the "Login & Security" section is where you can click to access your 2FA settings. (Credit: Screenshot: Tom McNamara/Download.com)

In the Google Authenticator app on your phone, tap the red "+" button in the lower right, then tap "Scan a barcode." This will activate the viewfinder for your phone's camera. Line up the viewfinder with the QR code on your computer's monitor, and the app should automatically grab the code and add it to its code library and start generating 2FA codes.

To complete the enrollment process, take the 6-digit code generated by the app for your Amazon account (it'll be tagged "Amazon" for easier identification), and enter it on Amazon's website, where it says "Enter code." Once you've entered the code, click the button labeled "Verify code and continue," and your Amazon account is now protected by app-based two-factor authentication.

To actually enable 2FA login protection, go to the Two Step Verification section of your Advanced Security Settings and click the Get Started button. Click Authenticator App, enter the 6-digit code that your app has just generated, and click the button labeled "Verify code and continue," and confirm by clicking the "Turn on Two-Step Verification" button.

(Technically, two-factor authentication requires the authenticating device to be separate from the one that you're using to log into something. So some websites will use the umbrella term "two-step verification" to cover scenarios where your phone is being used to both generate a code and log into something.)

If you've done everything correctly with Amazon 2FA, then your Advanced Security Settings page should look like this. (Credit: Screenshot: Tom McNamara/Download.com)

FOLLOW Download.com on Twitter for all the latest app news.

Gadget-based two-factor authentication

In some cases, the second factor doesn't even use a code generating app. Google, for example, offers the Titan Security Key, a fob that works via Bluetooth or USB to protect your Google accounts, though it currently only works with the company's Chrome web browser.

Without this physical device present and activated, you're not getting in -- though Google also has an odd habit of defaulting to trusting a web browser if it's successfully logged in recently.

So if locking down your Google account with a Titan key is particularly important to you, keep an eye out for pre-checked boxes on the company's login pages, and uncheck them before logging in.

Read more

Tom McNamara is a Senior Editor for CNET's Download.com. He mainly covers Windows, mobile and desktop security, games, Google, streaming services, and social media. Tom was also an editor at Maximum PC and IGN, and his work has appeared on CNET, PC Gamer, MSN.com, and Salon.com. He's also unreasonably proud that he's kept the same phone for more than two years.