The “Heartbleed” bug, an encryption flaw that could expose usernames and passwords stored on about two-thirds of Internet servers, has given the Web-surfing world cause for concern and plenty of password changes. But there’s another step you should always take where possible to keep yourself safe online: two-step verification. Two-step verification is offered by just about every major Web service nowadays (with exceptions for Amazon and AOL, and a few financial institutions, all who should get working on that ASAP). When you’ve activated it, and there’s never a reason not to, you’ll be prompted to enter a special code—generally sent via text message—whenever you (or someone else) attempts to log in to your account from an unknown device. Some services even let you set it to require a code at every single login, though that probably isn’t necessary.