There are very few things that could happen in my life which would be worse than having my personal email accounts compromised. Not only is it a significant invasion of privacy, but it’s also just the start to what could lead to a complete privacy meltdown of my life. I say this because once someone gains access to an email account, the attacker could use it to unlock other accounts using the “I forgot my password” feature common on most sites including my personal blogs, PayPal accounts, online banking, Dropbox and of course all of the data sitting in my Google Apps accounts (Inbox, Calendar, Contacts etc…).
The team over at Google showed they understand this problem and implemented a groovy security feature to help protect against it called 2 Step Verification (also known as two factor authentication). We did a full write-up of the security feature over a year ago; however, in light of all the security events on the net recently, I think it’s time we revisit Google’s 2 Step Verification in an attempt to remind everyone to get it enabled ASAP.
Before Enabling Google 2-Step Verification
A few things to note before we enable Google’s 2-step verification on your account.
- Enabling 2-step verification will break email delivery to your mobile device or email client via IMAP, and it will break any other application, like answers.groovypost.com, which uses Google to authenticate you. Google allows you to create a one-off or application-specific password for these apps / services. It only takes a few seconds to do, but FYI.
- It’s important to set up a backup phone/device after enabling 2-step verification to prevent locking yourself out of your account. A backup phone can be set up to receive codes via TXT message or via a voice phone call. The process is simple but very important. Don’t skip this step.
- After 2-Step Verification has been enabled on your account, download and install the Google Authenticator App for your mobile. This will save you cash since you won’t need Google to send you txt messages any longer.
- That’s it. Continue forward and enable some delicious, groovy, Google security goodness right now.
How To Enable Google 2-Step Verification
Log in to your Gmail account and click your username at the top. This will open a context menu. Click Account under your name.
Note – If you’re a Google Apps user, your System Administrator will need to enable 2-Step Authorization in the Admin console before the feature will be available for your account.
Under 2-step verification, click Edit.
Sign in again when prompted (they make you log in again for security reasons).
Get out your Mobile Phone and Click Start setup >>.
Enter your Phone number and Click Send Code (note – do not use your Google Voice number. You need a mobile phone).
Google will send a 6-digit code to your phone by TXT message. Enter it and click Verify.
By default, Google will trust the computer you’re currently using and not require the use of the 2-step verification from it for 30 days. I’m actually OK with this since my laptop never leaves me at any time and I have a solid AV solution installed so I’m 99% confident I don’t have any malware installed.
For maximum security, however, feel free to uncheck it. When getting started, though, I recommend just keeping the default.
Many applications on the net use your Google account to log in; however, they don’t have an interface to ask for the 2-step verification code. The same goes for mobile devices like my iPhone since email is delivered in real time. In these cases, Google allows you to create passwords for these devices. I’ll cover this in more detail later, so forge ahead by clicking Create passwords or click Do this later to set them up later.
All done. 2-step verification for your Google Account is now enabled.
Note: Before you continue and test things out, I HIGHLY recommend you set up a backup phone just in case you lose your phone and need to log in to your account. Just click the Add a phone number link as shown above and it will walk you through the simple process.
To test things out, log out of your Google account by clicking your username and Sign out.
When logging in, you will notice that after entering your Google username and password, Google will send your mobile phone a TXT message with a new six-digit code and prompt you to enter it. Note, if you prefer to not have Google send you TXT messages, download and install the Google Authenticator app for your Android or iPhone mobile. It’s free and simple to use.
Enter the code and click Verify.
In this day and age of malware bots and 0-day exploits, adding two-factor authentication to your email accounts is no longer optional in my opinion. Although a bit inconvenient, it’s definitely better to spend a few minutes a day to keep your account and digital life secure than working weeks or even years cleaning up from an account compromise.