Google Two-Step Verification: Double Protecting Your Account

By James Green ~ September 14th, 2013 11:21 PM MST

When it comes to online security there is no such thing as “too much protection.” This is especially true with regard to Google accounts. Google accounts have access to much more than emails; Google Wallet has access to credit card information, and Google Drive has access to personal and professional documents. If only it were possible to protect all of this sensitive information with more than a password…

Enter Two-Step Verification. Google now offers a form of authentication similar to what has been used in the banking industry for several years. The first step in two-step verification is still the use of a password. The second step of the two-step verification is designed to verify the identity of anyone attempting to log in to you Google Account; this is done by sending a unique, six digit security code to the account owners phone number. This ensures that anyone attempting to access your Google account must have physical access to your phone or be able to contact you for the security code (and thus receive your permission to access the account). Two-step verification is a great way to prevent hackers from gaining remote access to your Google account and the sensitive information contained therein.

It takes less than 10 minutes to enable two-step verification. The setup process for two-step verification can be completed via a computer or with a mobile device. For your convenience we have created a step by step tutorial for each process.

Click here for Setting up Google Two-Step Verification (Computer Tutorial)

Click here for Setting up Google Two-Step Verification (Mobile Device Tutorial)

Certain applications on smartphones require access to your Google account such as email clients (Outlook) or chat clients (Google Talk). These applications will require a special password to be created in the two-step verification dashboard. Setting up these passwords is easy and we have created a guide for this process as well.

Click here for the Setting up Application Specific Passwords

Setting Up Google Two-Step Verification (Computer Tutorial)

1.) Log in to your Google Account. Once you have logged in to your account select the drop down menu in the top right corner of the Google.com home page. From the drop down menu click the  “Account” button and you will be directed your Google account settings page.

CompStep1a

2.) Select “Security” from the menu that runs down the left side of the Account settings page. This will direct you to the page where you can edit your two-step verification settings. CompStep2

3.) The fourth option on the security page is “2-Step Verification”. In this section you should see that the “Status” is currently “OFF.” To begin the set-up process and enable Two-step verification select “Edit” link. CompStep3

4.) You should now see the following content on your screen. Select the “Start Setup” button.

CompStep4 5.) Because this is a security change to your account you will be asked to confirm you identity by entering your login information again. You will not be asked for you password again during process.

CompStep5 6.) Once you have re-entered your login credentials you will be present with a screen requesting a phone number. The phone number you enter will be the phone number that receives the six digit security code, be sure to choose a phone number you will consistently have access to such as a mobile phone. On this screen you will also select to receive the security code via text message, or voice call.

CompStep6a

7.) The phone will immediately receive either a text message or a voice call (depending on your selection) with your six digit security code. Enter the six digit security code in to the text box on this screen and select the blue “Verify” button.

CompStep7a

8.) There is an option to “Trust this Computer” which will remember the computer in the future so you are not required to enter a new security code every time you log in to your account. Please only select “Trust this Computer” if it is a personal or business computer, do not trust a public or shared computer.

CompStep8a

9.) Finally, select “Confirm” to enable two-step verification for your Google account!

CompStep9

If you use applications on your mobile device that require the ability to log in to your Google Account you will need to set up “Application Specific Passwords.” Click here to skip ahead to our Setting up Application Specific Passwords tutorial.

Setting up Google Two-Step Verification (Mobile Device Tutorial)

1.) Open the device browser and navigate to Google.com and scroll down to the bottom of the page. The footer contains a link that reads “Privacy & Terms,” click on this link.

mobileStep1

2.) From the Privacy & Terms page scroll down until you see the heading “2-Step Verification.”  In the section under this heading click the link that reads ”Find out how to set up 2-step verification.”

mobileStep2

3.) On the 2-step verification page click the blue button that read “Get Started.”

mobileStep3

4.) Now you will be required enter your login username and password to log in to your Google account.

mobileStep4

5.) Click the blue button on the right side of the screen that reads “Start Setup.”

mobileStep5

6.) You can download the Google Authenticator application or you can skip this step and receive the security code via Text message or Voice Call. In our experience we found the Text messaging and Voice Call options to be easier.

mobileStep6

7.) On this screen you will be required to enter the phone number you wish to receive the security codes to. Choose a phone number that can be accessed at any time, such as a mobile phone number. You can also select whether or not you wish to receive the security code via text message or voice call. Once you have entered your phone number and made your selection click the blue button the reads “Send Code.”

mobileStep7

8.) You will immediately receive your first security code via your chosen method (text message or voice call). Retrieve the security code and enter the code into the text box on this page. Click the blue “Verify” button to continue.

mobileStep8mobileStep8a

 

9.)  There is an option to “Trust this Computer” which will remember the computer in the future so you are not required to enter a new security code every time you log in to your account. Please only select “Trust this Computer” if it is a personal or business computer/mobile device, do not trust a public or shared computer/mobile device.

mobileStep9

10.) The final step to enable two-step verification for your Google account is to click the blue “Confirm” button.

mobileStep10

Setting up Application Specific Passwords

Applications that require access to your Google account such as email clients (outlook) or chat clients (Google Talk) will require a new password to be created. The password will need to be generated in the Two-Step verification dashboard and will be unique for each application. If you ever lose a password the Two-Step verification dashboard keeps track of the passwords for you.

1.)    Log in to your Google account and click “Account” from the drop down menu.

Password1

2.)    Select “Security” from the menu on the left side of the page.

Password2a

3.)    Scroll down the “2-Step verification” section and select the “Manage your application specific passwords” link.

Password3

4.)    Enter a reference name that will help you remember which application the password is associated with. Then click the “Generate Password” button.

Password4

5.)    A password will be generated for you, take this password and enter it into the log in settings of the appropriate application on your mobile device. The two-step verification dashboard will save your password history should you lose the password for any reason.

Password5

James Green is a mobile security researcher who has worked in the Android security field for several years providing privacy and security advice to Android users. Email: James@ArmorforAndroid.com; Twitter: @James_AfA