Go to id.raspberrypi.com in your browser and click on "sign up".

This will take you to an account creation page. Enter your email along with a password. You will need to type the password a second time in the password confirmation box.

If your password matches, the service will send an email to the email address you entered. Go to your inbox and open the email, then click on the "Verify email" button in the email.

You will be signed into the identity service.

After creating a Raspberry Pi ID, you can log in to Raspberry Pi services using the "Sign in with Raspberry Pi" button to sign in with your Raspberry Pi ID.

You will need to download an app to your phone that will generate the TOTP. One of the most commonly used is Google Authenticator. It’s available for both Android and iOS, and there is even an open source version of the app available on GitHub.

So go ahead and install Google Authenticator, or another 2FA app like Authy on your phone before going any further.

To enable 2FA, click on the “Two-factor authentication” option when signed in to the identity service.

Open the Google Authenticator app on your phone and tap the plus sign (+) at the top right, then tap on “Scan barcode”.

Your phone will ask you whether you want to allow the app access to your camera; you should say “Yes”. The camera view will open. Position the QR code squarely in the green box on the screen. As soon as your phone app recognises the code, the authenticator app will add your new account, and will start generating TOTP codes automatically.

Now you should go ahead and enter the six-digit TOTP generated by your authenticator app on your phone into the Raspberry Pi ID service.

If you enter the TOTP correctly, you will see a confirmation screen with a recovery code.

You’ll now need your phone, and a TOTP, every time you log in to Raspberry Pi services. But because of that, you’ve just given a huge boost to the security of your devices on the service.