Staff have become increasingly aware of accounts getting compromised either because users are using the same password across multiple sites, or they are not using a secure enough password. On a regular basis we see failed login attempts from people using proxies trying to bruteforce their way into accounts. We have decided that the best solution for the problem is to open up our two-factor authentication system to all users. This feature has been limited to staff for a while to ensure all staff accounts were safe from such attacks.
What do you need? A smartphone and a supported two-factor authentication app. The Google Authenticator app can be used for Android, iPhone and BlackBerry smartphones and Authenticator for anyone brave enough to use a Windows Phone. In a nutshell, the authentication works based on a value unique to you. The system does not use SMS to authenticate, so you can be rest assured your phone number is not linked to us in any way.
To enable this feature, simply go to your edit profile page and click on the 'Enable' checkbox beside 'Two-Factor Authentication'. You will then be presented with a QR code that you scan using your app. Your app will then display a verification code that you must enter into the input box below the QR code. Finally, save your profile to complete the verification process. If you receive any verification failures, make sure your phone time is sync'd (use network time in your phone settings for better accuracy). You also only have a 30 second window before the code expires. Try it a few times before posting any issues on the forums.