Google Two Factor Authentication Roundup
Two Factor Authentication has been receiving a lot of attention lately as a cloud-based computing security practice. Here’s a roundup of our best articles to guide you through the process of using it with your Google accounts and services.
Recently a high-profile tech journalist was hacked, and it’s brought cloud computing security to the forefront. One of the much-talked-about security measures is enabling two factor authentication for your Google account.
What is Two Factor Authentication?
Unless you’re the geeky type or a long-time reader of groovyPost, you probably have no idea what people are talking about when they tell you to enable two factor authentication to tighten up your online security. The funny thing, however, is that you’ve probably been using two factor authentication your entire adult life and didn’t even know it!
To answer the question — two factor authentication requires you to both know something and have something in order to prove your identity.
- User must know something — Username, Password or PIN
- User must have something — ATM card, Smart Card, Company Badge, Birth Certificate etc…
Most websites like Amazon, or email providers like Hotmail, Yahoo!, Outlook.com, etc., only require you to know something to log in. Normally this is a Username and a Password. This is considered one factor authentication since you only need to know something to gain access to your accounts.
Banks, however, are a little more picky. You can’t simply walk up to an ATM, enter a Username and a Password and start pulling out cash. They instead rely on a second factor, an ATM card, before they let you pull cash out of an ATM. This is two factor authentication since you need to have something (the card) and know something (the PIN).
Unlike at the bank, two factor authentication in the online world is even easier, since the “card” can be a mobile app which displays a number every 60 seconds. This number, along with your normal username and password, becomes your two factor authentication. And in the online world, this is very important, since most people don’t create strong passwords that can’t be guessed easily, because they forget those strong passwords. Case in point was the Yahoo! account hack we talked about a few weeks ago, where we found thousands of people were using simple, easy-to-guess passwords. Had Yahoo! allowed two factor authentication (which they don’t) and the users had enabled it, it wouldn’t have been a story at all. Unfortunately that wasn’t the case.
And that’s what takes us to Google. Google is the one online email provider who has stepped up and enabled two factor authentication for its services including Gmail and all its other services like Adsense, Google Analytics and Google Apps. We’ve written about the service in-depth but here’s a quick refresh or roundup of our coverage on Google’s Two Factor Authentication Services.
How To Enable 2-Step Verification in Google
The first place to start is to enable 2-Step Verification for your Google account.
Editor’s Note: Don’t get confused… 2-Step Verification is just what Google calls two factor authentication. It probably had something to do with a patent or legal branding?
Anyway, Google has actually had this for well over a year. The process of enabling it is straightforward and painless. But I highly suggest you start by reading Steve Krause’s comprehensive article on How To Enable Two Factor Authentication for Google Accounts and Why You Should.
In his article Steve explains:
Once someone gains access to an email account, the attacker could use it to unlock other accounts using the “I forgot my password” feature common on most sites including my personal blogs, PayPal accounts, online banking, Dropbox and of course all of the data sitting in my Google Apps account.
Generate Application Specific Passwords
Now that you have Google Two Factor Authentication enabled, you’ll need to get your mobile email and other Google services to work with it. Once again, Steve brings you an article on How To Create Application Specific Passwords. The solution is a bit tedious, but important since it allows you to use two factor authentication services for accounts that aren’t built for it yet.
Google Authenticator for Mobile
Now that you have your desktop and other apps set to use 2-Step Verification, let’s simplify the process by installing a free two factor authentication mobile app from Google called Google Authenticator. The app replaces the text messages Google normally sends you for the second factor. It’s very handy, it’s free, and it will probably save you a few bucks in text message fees.
Once again, Steve wrote up all the details on how to install and configure it in his groovyPost How to enable and configure the Google Authenticator Mobile App.
Two Factor Authentication for Google Apps Users
If you’re a Google Apps admin, you can enable Two Factor Authentication for your Google Apps Users. By default the feature is disabled on Google Apps Domains. But system administrators can enable it in the Google Apps Admin Dashboard.
Take Time to Set Up 2-Step Verification
If you’re like me, you have a mobile device or two or three and a lot going on in Google. So, I suggest you set aside some time to get everything in sync. Depending on what you have, an hour should be plenty of time to get it all working. I found that after enabling Two Factor Auth for Google, it was extremely annoying trying to get things done efficiently afterwards. So, I set an hour aside and made sure all of my accounts and apps were working. Even after that, you’ll find a few that you missed, but it’s not as painful as enabling it and taking off.
While enabling Google’s two step verification the first time can be a bit annoying, once you have it all configured and set up on your mobile, it’s very simple to use and you’ll have peace of mind knowing that your data is more secure. Of course, online and offline security is all about layers, and there isn’t any silver bullet to make you 100% secure. The key is to make your accounts and home more secure than the guy next door (just kidding). Seriously, the key is to enable as many layers as possible, and in my book, two factor authentication is one of the most important steps to online security you can take. Sure, two factor authentication makes things a little less convenient, but who said security was convenient? At least with Google Two Factor authentication, you won’t need to take off your shoes!
After reading about the journalist who got hacked, I started implementing this the other day. It works great! Also, LastPass uses the Google authenticator, which is even better. I tried to implement this on PayPal; due to concerns raised by the Canadian gov’t, PayPal is not currently sending SMS to Canadian cell phones. Tech support did offer to send me a security key for free which is en route. I also tried to implement this on Facebook following one of your previous articles. I never received the SMS code from Facebook after multiple attempts to set up login approval for my phone. They also offer a code generator if you have the Facebook app on your phone (it only works for Android right now), but you still need to authorize your phone on your account, which relies on having your phone login approved, which can’t be done due to lack of SMS. I guess Facebook can’t send those codes to Canada either, and since they have no live support, this feature appears to be unavailable for Canadian customers. Glad I have no friends and only use Facebook for contests. :) I can’t wait until more sites set up two step auth., and I hope they choose to go with the Google authenticator like LastPass did.
Thank you, I have been using the Google Authenticator.
After reading this I decided to begin the Groovy Process of increasing the Security & Passwords for the accounts I access online.
I’ll write an Article about this (or at least the password vault)
1. Created a simple Excel spreadsheet (encrypted) and made a list of all the website accounts
2. Installed new password vault software on my home PC (Microsoft Windows Workstation)
3. Changed my passwords to phrases that include crazy characters and spaces
4. Updated the password vault software
5. Uploaded a copy of the password vault database file to a secured cloud backup service.
to be continued….
I have tried to set up several times; can’t figure out how to scan bar code. I download apps. But since barcode is on my phone I don’t understand how to use scanner on same device. So entering the info, but every time it comes up invalid. Also, do I have to get new code every time I log in? If so, how do I find my new bar code or code it comes up first time I try to enter or set up app. Only