The team over at Google showed they understand this problem and implemented a groovy security feature to help protect against it called 2 Step Verification (also known as two factor authentication). We did a full write-up of the security feature over a year ago; however, in light of all the security events on the net recently, I think it’s time we revisit Google’s 2 Step Verification to remind everyone to get it enabled ASAP.
Before Enabling Google 2-Step Verification
A few things to note before we enable Google’s 2-step verification on your account.
Enabling 2-step verification will break email being delivered to your mobile device or email client via IMAP, or any other application like answers.groovypost.com which uses Google to authenticate you. Google allows you to create a one-off or application-specific password for these apps / services. It only takes a few seconds to do, but FYI.
It’s important to set up a backup phone/device after enabling 2-step verification to prevent locking yourself out of your account. A backup phone can be set up to receive codes via TXT message or via a voice phone call. The process is simple but very important. Don’t skip this step.
After 2-Step Verification has been enabled on your account, download and install the Google Authenticator App for your mobile. This will save you cash since you won’t need Google to send you txt messages any longer.
That’s it. Continue forward and enable some delicious, groovy, Google security goodness right now.
How To Enable Google 2-Step Verification
Log in to your Gmail account and click your username at the top. This will open a context menu. Click Account under your name. Note – If you’re a Google Apps user, your System Administrator will need to enable 2-Step Authorization in the Admin console before the feature will be available for your account.
Click Security.
Under 2-step verification, Click Edit.
Sign in again when prompted (they make you log in again for security reasons).
Get out your Mobile Phone and Click Start setup ».
Enter your Phone number and Click Send Code (note – do not use your Google Voice number. You need a mobile phone).
Google will send you a 6 digit TXT message to your phone. Enter it and click Verify.
By default, Google will trust the computer you’re currently using and not require the use of the 2-step verification from it for 30 days. I’m actually OK with this since my laptop never leaves me at any time and I have a solid AV solution installed, so I’m 99% confident I don’t have any malware installed. For maximum security, however, feel free to uncheck it; when getting started, I recommend just keeping the default.
Many applications on the net use your Google account to log in; however, they don’t have an interface to ask for the 2-step verification code. The same goes for mobile devices like my iPhone since email is delivered real-time. In these cases, Google allows you to create passwords for these devices. I’ll cover this in more detail later, so forge ahead by clicking Create passwords or click Do this later to set them up later.
All done. 2-step verification for your Google Account is now enabled.
Note: Before you continue and test things out, I HIGHLY recommend you set up a backup phone just in case you lose your phone and need to log in to your account. Just click the Add a phone number link as shown above and it will walk you through the simple process. To test things out, log out of your Google account by clicking your username and Sign out.
When logging in, you will notice that after entering your Google username and password, Google will send your mobile phone a TXT message with a new six digit code and prompt you to enter it. Note, if you prefer to not have Google send you txt messages, download and install the Google Authenticator app for your Android or iPhone Mobile. It’s free and simple to use. Enter the code and click Verify.
In this day and age of Malware bots and 0 day exploits, adding two factor authentication to your email accounts is no longer optional in my opinion. Although a bit inconvenient, it’s definitely better to spend a few minutes a day to keep your account and digital life secure than working weeks or even years cleaning up from an account compromise.
My recommendation is to try it again only this time — after enabling 2 step verification on your Google account (by following the steps in this article), read this article: https://www.groovypost.com/howto/enable-google-authenticator-app-google-gmail-account/ This is the next article in the series which explains how to enable the Google Authenticator App on your iPhone or Android Mobile so that you don’t need to wait for Google to send you text messages. It works really well and should solve the problem you’re having on ALL your devices. Hope this works! Report back! -S
Interesting factoid: Having disabled 2-step authentication, I thought I’d need to generate new application-specific passwords for those applications that need them–and to do that, I “revoked” the previously-generated ones. That did not seem to impair the effectiveness of those previously generated passwords, however; I am receiving email on my Android, and through Outlook, without having to enter the new ones. All’s well that ends well–I do feel better about security with 2-step authentication in place. Thanks for the help!
Yeah I should have mentioned in the article that once you move over to the Google Auth. App, you will no longer get the txt messages. I think that’s a good thing but might confuse a few ppl. Thnx for bringing that out @a1de4feb495b0795d0404382ce3e36bf:disqus. -S
I do however recommend using the iPhone app vs txt messages.
BTW I’m just learning “how to” do more on my computer/internet etc. I’m in the “over the hill” gang. :-) But anxious to learn. Groovypost is helping me “big time.” Thanks, Selftaopath