How To Enable Two Factor Auth for Google Accounts and Why You Should

In this day and age of malware bots and 0-day exploits, adding two-factor authentication to your email accounts is no longer optional, in my opinion. Here’s the simple process for enabling Google’s 2-Step Verification feature on your account.

There are very few things that could happen in my life that would be worse than having my personal email accounts compromised. Not only is it a significant invasion of privacy, but it’s also just the start of what could lead to a complete privacy meltdown of my life. I say this because once someone gains access to an email account, the attacker could use it to unlock other accounts using the “I forgot my password” feature common on most sites, including my personal blogs, PayPal accounts, online banking, Dropbox and of course all of the data sitting in my Google Apps accounts (Inbox, Calendar, Contacts, etc.).

The team over at Google showed they understood this problem and implemented a Groovy security feature to help protect against it called 2 Step Verification (also known as two-factor authentication). We did a full write-up of the security feature over a year ago; however, in light of all the security events on the net recently — I think it’s time we revisit Google’s 2-Step Verification in an attempt to remind everyone to get it enabled ASAP.

Before Enabling Google 2-Step Verification

A few things to note before we enable Google’s 2-step verification on your account.

  1. Enabling 2-step verification will break email delivery to your mobile device or email client via IMAP, as well as any other application, like forum.groovypost.com, that uses Google to authenticate you. Google allows you to create a one-off, application-specific password for these apps and services. It only takes a few seconds to do, but FYI.
  2. It’s important to set up a backup phone/device after enabling 2-step verification to prevent locking yourself out of your account. A backup phone can be set up to send TXT message codes or codes via a voice phone call. The process is simple but very important. Don’t skip this step.
  3. After 2-step Verification has been enabled on your account, download and install the Google Authenticator App for your mobile. This will save you cash since you won’t need Google to send you text messages any longer.
  4. That’s it. Continue forward and enable some delicious, groovy Google security goodness right now.

How To Enable Google 2-Step Verification

Log in to your Gmail account and click your username at the top. This will open a context menu. Click Account under your name.

Note – If you’re a Google Apps user, your System Administrator will need to enable 2-Step Authorization in the Admin console before the feature will be available for your account.

Click Security.

Under 2-step verification, Click Edit.

Sign in again when prompted (they make you log in again for security reasons).

Get out your Mobile Phone and Click Start setup >>.

Enter your Phone number and Click Send Code (note – do not use your Google Voice number. You need a mobile phone).

Google will send a TXT message with a 6-digit code to your phone. Enter it and click Verify.

By default, Google will trust the computer you’re currently using and not require the use of the 2-step verification from it for 30 days. I’m actually OK with this since my laptop never leaves me at any time, and I have a solid AV solution installed, so I’m 99% confident I don’t have any malware installed.

For maximum security, feel free to uncheck it. When getting started, however, I recommend just keeping the default.

Many applications on the net use your Google account to log in. However, they don’t have an interface to ask for the 2-step verification code. The same goes for Mobile devices like my iPhone since email is delivered in real-time. In these cases, Google allows you to create passwords for these devices. I’ll cover this in more detail later, so forge ahead by clicking Create passwords or clicking Do this later to set them up later.

All done. 2-step verification for your Google Account is now enabled.

Note: Before you continue and test things out, I HIGHLY recommend you set up a backup phone just in case you lose your phone and need to log in to your account. Just click the Add a phone number link as shown above, and it will walk you through the simple process.

To test things out, log out of your Google account by clicking your username and Sign out.

When logging in, you will notice that after entering your Google username and password, Google will send your mobile phone a TXT message with a new six-digit code and prompt you to enter it. Note, if you prefer not to have Google send you text messages, download and install the Google Authenticator app for your Android or iPhone Mobile. It’s free and simple to use.

Enter the code and click Verify.

In this day and age of malware bots and 0-day exploits, adding two-factor authentication to your email accounts is no longer optional, in my opinion. Although a bit inconvenient, it’s definitely better to spend a few minutes a day keeping your account and digital life secure than to spend weeks or even years cleaning up after an account compromise.

10 Comments

  1. Steve Krause

    June 18, 2012 at 12:20 am

    Hi Shottle — Thanks for the question. I’m not sure why you couldn’t get Google to send you a text on your second computer.

    My recommendation is to try it again only this time — after enabling 2 step verification on your Google account (by following the steps in this article), read this article:

    https://www.groovypost.com/howto/enable-google-authenticator-app-google-gmail-account/

    This is the next article in the series which explains how to enable the Google Authenticator App on your iPhone or Android Mobile so that you don’t need to wait for Google to send you text messages. It works really well and should solve the problem you’re having on ALL your devices.

    Hope this works! Report back!

    -S

    • ShottleBop

      June 21, 2012 at 6:17 pm

      OK. I’ve got 2-step set up on my personal work computer (a Windows 7 machine I bought this January when I first became unemployed), a Windows XP machine that a firm I contract with makes available for me to use, and on my personal MacBook Pro (love that solid metal case). I THINK I’ve figured out what I was doing wrong: after setting up the first machine, I set up my Android and downloaded and installed Google Authenticator. I did not realize that, once I had Authenticator, I no longer needed to get a text–that the Authenticator would generate the codes for me.

      Interesting factoid: Having disabled 2-step authentication, I thought I’d need to generate new application-specific passwords for those applications that need them–and to do that, I “revoked” the previously-generated ones. That did not seem to impair the effectiveness of those previously generated passwords, however; I am receiving email on my Android, and through Outlook, without having to enter the new ones.

      All’s well that ends well–I do feel better about security with 2-step authentication in place. Thanks for the help!

      • ShottleBop

        June 21, 2012 at 6:43 pm

        Spoke too soon–I did, in fact, have to use a new application-specific password.

        • Steve Krause

          June 21, 2012 at 10:04 pm

          OK yeah — I was gonna say…… that’s not good!

          Yeah I should have mentioned in the article that once you move over to the Google Auth. App, you will no longer get the txt messages. I think that’s a good thing but might confuse a few ppl. Thnx for bringing that out.

          -S

          • Steve Krause

            July 2, 2012 at 6:47 pm

            Article updated.

  2. Alexmvp

    June 22, 2012 at 8:35 am

    Ok. I finally enabled it and yeah, very cool. Thnx.

    I do however recommend using the iPhone app vs txt messages.

    • Steve Krause

      June 22, 2012 at 10:06 am

      It saves on the TXT message cost yes! I’ll add the link to this article on that.

  3. Keoki Ciervo

    July 24, 2012 at 7:19 pm

    Unfortunately this does not seem available for those individuals wanting verification codes sent via another means other than a Smart Phone. I’m currently in rural Thailand, and do not have use of an iPhone etc.

    BTW I’m just learning “how to” do more on my computer/internet etc. I’m in the “over the hill” gang. :-) But anxious to learn. Groovypost is helping me “big time.”

    Thanks,
    Selftaopath

  4. Gail Eichner

    June 24, 2013 at 7:57 am

    I usually just read ‘some’ of your posts, w/intent to keep in mind the ones that apply to me and they usually do not. Because an accounting firm’s management is changing from one to another I realized my husband & I needed a joint email for our financial accounts which up until now, I managed. So I set up a gmail account – which was no walk in the park – now you have informed us of the future with Google, I almost feel like wiping it out & going to hotmail, which also has been complicated by Windows 8, because it wants emails to be secondary to its Outlook.com. Not your fault, but today’s ‘post’ has me in overload. @66 I’m proud that I build & run church websites using 3rd party boiler plates, but the deeper we get into digital “must do banking & investment management by pc!!!” – the more the ‘older’ brain has to keep up to date with. As the population ages, as projections show, soon half the country will not be able to manage their financial world without a pc degree and… Constant continuing ed! I am very much afraid that age & progress are working against the boomers!

  5. Corinne Anne Preis

    March 1, 2020 at 2:59 pm

    If I receive a text from Google giving me an authentication code, but I did not request it, what can I do to find any information regarding finding the person who is trying to access my account? It’s been happening constantly for the last few months.