
Google Two Factor Authentication Roundup

Recently a high profile tech journalist was hacked, and it’s brought cloud computing security to the forefront. One of the much talked about security measures is enabling two factor authentication for your Google account.

What is Two Factor Authentication?

Unless you’re the geeky type or a long-time reader of groovyPost, you probably have no idea what people are talking about when they tell you to enable two factor authentication to tighten up your online security. The funny thing, however, is that you’ve probably been using two factor authentication your entire adult life and didn’t even know it!

To answer the question — two factor authentication requires you to both know something and have something in order to prove your identity.

  1. User must know something — Username, Password or Pin
  2. User must have something — ATM card, Smart Card, Company Badge, Birth Certificate etc…

Most websites like Amazon, or email providers like Hotmail, Yahoo!, Outlook.com etc., only require you to know something to log in. Normally this is a Username and a Password. This is considered one factor authentication since you only need to know something to gain access to your accounts.

Banks however are a little more picky. You can’t simply walk up to an ATM, enter a Username and a Password and start pulling out cash. They instead rely on a second factor, an ATM card before they let you pull cash out of an ATM. This is two factor authentication since you need to have something (the card) and know something (the PIN). 

Unlike banks, using two factor authentication in the online world is even easier since the “Card” can be a mobile app which displays a number every 60 seconds. This number, along with your normal username and password, becomes your two factor authentication. And in the online world, this is very, very important since most people don’t create strong passwords that can’t be guessed easily, because they forget those strong passwords. Case in point was the Yahoo! account hack we talked about a few weeks ago, where we found thousands of people were using simple, easy-to-guess passwords. Had Yahoo! allowed two factor authentication (which they don’t) and the users had enabled it, it wouldn’t have been a story at all. Unfortunately that wasn’t the case.

And that’s what takes us to Google. Google is the one online email provider who has stepped up and enabled two factor authentication for its services including Gmail and all its other services like Adsense, Google Analytics and Google Apps. We’ve written about the service in-depth but here’s a quick refresh or roundup of our coverage on Google’s Two Factor Authentication Services.

How To Enable 2-Step Verification in Google

The first place to start is to enable 2-Step Verification for your Google account.

Editor’s Note: Don’t get confused… 2-Step Verification is just what Google calls Two Factor authentication. It probably had something to do with a patent or legal branding?

Anyway, Google has actually had this for well over a year. The process of enabling it is straightforward and painless. But I highly suggest you start by reading Steve Krause’s comprehensive article on How To Enable Two Factor Authentication for Google Accounts and Why You Should.

In his article Steve explains:

Once someone gains access to an email account, the attacker could use it to unlock other accounts using the “I forgot my password” feature common on most sites including my personal blogs, PayPal accounts, online banking, Dropbox and of course all of the data sitting in my Google Apps account.


Generate Application Specific Passwords

Now that you have Google Two Factor Authentication enabled, you’ll need to get your mobile email and other Google services to work with it. Once again, Steve brings you an article on How To Create Application Specific Passwords. The solution is a bit tedious, but important since it allows you to use two factor authentication services for accounts that aren’t built for it yet.


Google Authenticator for Mobile

Now that you have your desktop and other apps set to use 2-Step Verification, let’s simplify the process by installing a free two factor authentication mobile app from Google called Google Authenticator. The app replaces the text messages Google normally sends you for the second factor. It’s very handy, free, and will probably save you a few bucks in text message fees.

Once again, Steve wrote up all the details on how to install and configure it in his groovyPost article How to enable and configure the Google Authenticator Mobile App.


Two Factor Authentication for Google Apps Users

If you’re a Google Apps admin, you can enable Two Factor Authentication for your Google Apps Users. By default the feature is disabled on Google Apps Domains. But system administrators can enable it in the Google Apps Admin Dashboard.


Take Time to Set Up 2-Step Verification

If you’re like me, you have a mobile device or two or three and a lot going on in Google. So, I suggest you set aside some time to get everything in sync. Depending on what you have, an hour should be plenty of time to get it all working. I found that after enabling Two Factor Auth for Google, it was extremely annoying trying to get things done efficiently afterwards. So, I set an hour aside and made sure all of my accounts and apps were working. Even after that, you’ll find a few that you missed, but it’s not as painful as enabling it and taking off.

While enabling Google’s two step verification the first time can be a bit annoying, once you have it all configured and set up on your mobile, it’s very simple to use and you’ll have peace of mind knowing that your data is more secure. Of course online and offline security is all about layers and there isn’t any silver bullet to make you 100% secure. The key is to make your accounts and home more secure than the guy next door (just kidding). Seriously, the key is to enable as many layers as possible and in my book, two factor authentication is one of the most important steps to online security you can take. Sure, two factor authentication makes things a little less convenient, but who said security was convenient? At least with Google Two Factor authentication, you won’t need to take off your shoes!


One Response to Google Two Factor Authentication Roundup

  1. zwolfe August 23, 2012 at 5:32 am #

    After reading about the journalist who got hacked, I started implementing this the other day. It works great! Also, LastPass uses the Google authenticator, which is even better. I tried to implement this on PayPal; due to concerns raised by the Canadian gov’t, PayPal is not currently sending SMS to Canadian cell phones. Tech support did offer to send me a security key for free which is en route. I also tried to implement this on Facebook following one of your previous articles. I never received the SMS code from Facebook after multiple attempts to set up login approval for my phone. They also offer a code generator if you have the Facebook app on your phone (it only works for Android right now), but you still need to authorize your phone on your account, which relies on having your phone login approved, which can’t be done due to lack of SMS. I guess Facebook can’t send those codes to Canada either, and since they have no live support, this feature appears to be unavailable for Canadian customers. Glad I have no friends and only use Facebook for contests. :) I can’t wait until more sites set up two step auth., and I hope they choose to go with the Google authenticator like LastPass did.
