Date: 2018-01-09
Using two-factor verification makes sure that you — and only you — have access to your Google account.
In light of the recent security issues surrounding Meltdown and Spectre, we refreshed this content in January 2018.
Security breaches happen. This one saw 273.3 million email accounts — including Gmail accounts — compromised. This is why we strongly recommend enabling two-step verification (or two-step authentication, as it's also known) for your Google account.
This process will put a stop to anyone's efforts to access anything — including Gmail and all other Google services — that uses your Google account credentials when logging in because you need more than a password to verify that you are the account owner.
What is two-step verification?
Two-step verification adds an extra layer of security to your account. Think in terms of withdrawing cash from an ATM — you must insert your card and enter a personal identification number. In the case of a Google account, with two-step verification enabled, you must enter a password and a code that is sent to your phone by call or text, or through an authenticator app on your phone.
Although it will now require extra steps to access your Google account, two-step verification is invaluable. Using two methods to authenticate who you are effectively doubles your account security, and makes sure you're only able to log in if you have both the right password and a valid authentication token. It is still recommended to change your current Google password if you haven't already. Without further ado, let's enable two-step verification.
Use Google's simple two-step authentication
Google has its own very simple two-step verification system. It's something the company debuted in mid-2017 and the setup is simple — Google will send a verification code to the phone number registered with your account, and once you reply with the code you're enrolled.
Then, whenever you need to sign into your Google account on a new device you'll get a notification on your phone. Tap it and you are good to go. It couldn't be more simple, and it's easy to switch phones or numbers in your Google account settings via any web browser if you lose your phone or change your number.
If you'd rather use the more traditional way, read on!
How to enable two-step verification in the Google Authenticator app
You can use "traditional" two-factor authentication with your Google account, where you get a code through a message or an authenticator app. Here's what you need to do.
- Launch your web browser from your computer desktop.
- Type g.co/2sv into the address bar.
- Type in your password.
- Click on Sign In.
- Click Off under 2-Step Verification.
- Click Turn On.
- Type in your password.
- Click on Sign In.
- Click on the flag drop-down menu and select your country.
- Type in your phone number.
- Select either Text message or Phone call.
- Click on Try It. You will receive a text message or phone call containing your code.
- Type in the code you received on your phone.
- Click on Next.
- Click Turn On.
Now you have two-factor verification enabled for your Google account. Next, let's have a look at how to enable the Google Authenticator app on your phone to make things even more secure and convenient.
How to prepare your account for the Google Authenticator app on Android
Click on this link from your computer to get started.
- Click on Next.
- Click on Switch to app.
- Click on Android.
- Click Continue. You will now see a barcode on your computer screen. Keep this barcode on your screen and continue with the steps below.
- Tap the Play Store on the Home screen of your Android phone.
- Type in Google Authenticator in the search bar.
- Tap the Search button.
- Tap the Google Authenticator app. It's the result by Google Inc.
- Tap the Install button.
- Tap the Accept button.
- Tap the Open button when the download is complete.
- Tap on Begin Setup.
- Tap on Scan a barcode.
- Scan the barcode visible on your computer screen.
- Tap on Open browser.
- Tap on OK.
Now, instead of getting a text or voice message with a verification code, you will use a unique code in the Google Authenticator app every time you log in to your Google account on any device. This code changes every 30 seconds, and when you use it, it has to match the current code that Google is expecting for that time window. Anyone attempting to access your account who doesn't have your phone in their hands will not receive the code and will thus be unable to log in. Safety first, everyone!
Conclusion
Even though your Google account might have been spared this time, there is no telling when another hack or leak can occur. Any service that offers two-step verification should be taken advantage of, as it essentially puts a firm stop to unverified access attempts. Stay safe!
Reader comments
How to Enable 2-Step Verification in Gmail
Thanks for the info I got tired of doing the text message way
This is a great article, thanks. Definitely use Authy though instead of Google Authenticator. I do and use it on multiple devices and PCs. Works like a charm.
Having carefully followed your instruction step by step, I got stuck on my phone number (+2348027170338) as I was told each time that the number is invalid, try again. Grateful you could please inbox me the format for typing phone number (Nigeria). You may wish to note that this is the same number I have in my Account Recovery option. Thanks.
This is a great article. Thanks. I encountered a problem when I did this, as MS Outlook on my Windows PC couldn't log in to my Gmail account once I had 2 Step Verification turned on. Google has a great article explaining how to fix this:
https://support.google.com/accounts/troubleshooter/3141849#ts=3141812%2C...
Great information, just did tsa on my Nexus 6p.
I'd use Authy instead of Google Authenticator, because it's multiplatform and can be used from any of your devices.
I don't use my Google log in credentials across other accounts and websites and I already use TFA. Still I had not changed my password since 2014 so I changed it anyway.
Posted with my LG G4 6.0 via the Android Central App
What they didn't tell you is WHY you need this........G Mail, Yahoo and several other email accounts have been hacked several days ago!
The very first paragraph already says that.
Thanks again for your time to show us folks how to secure our accounts. I didn't even know about tfa until today lol. I'm emailing this link to all my friends and family.
Thanks! Finally set mine up! Microsoft too!
Posted via my glorious Nexus 6P
I remain logged into my Google account on all of my devices, so if I use the two-step authentication, does that mean I'll have to log in more often, or is it still just a one-time thing as long as I don't log out?
Thanks!
One time thing to authenticate a valid device
Posted via my glorious Nexus 6P
How does it work when logging into an Android phone? Will I still be able to receive the code by text even if I'm not logged into my Google account on the phone? I've never tried to use my phone without already being logged into my Google account, so I don't know if texts still work.
When setting up Android phones and you have 2fa, the phone will prompt you with a web login after you give it a correct password. That's when you whip out Authenticator or Authy from another device.
What if I lose my phone? Then I'm SOL?
There are a few ways around this. Google allows you to download emergency passwords that you can either print out, or copy and paste them into a password manager. My old phone broke last weekend and was able to get right back in using one of those codes when I set up my new phone. If you make sure you have a phone number tied to your account then when you try to log in you can still have it send a code by SMS once you get your new phone.
This needs to be shown to more people...
There is one big problem with SMS token authentication: it can be problematic across borders unless one subscribes to international plan. For the few times I leave the US, it's not worth it.
Which is one of many reasons to use an authenticator app rather than SMS codes
It's best to assume I'm being sarcastic. if I'm ever serious I'll type "/s" to make it clear.
Some banks give you an option to either use SMS authentication, or use a provided gadget that generates one-time codes. I like that idea but it would require a separate gadget for every account you have elsewhere. Not very practical. I'm not familiar with the authenticator app you are referring to.
Search for Google authenticator or Authy in the play store. It works on the same principle as the devices you mention, but in app form. It covers Google, Microsoft, Facebook, Amazon and many other accounts and doesn't require a data connection.
I recommend Authy, it's more robust
It's best to assume I'm being sarcastic. if I'm ever serious I'll type "/s" to make it clear.
Might be another dumb question. I have the log in through my phone activated. It will not let me do that and TSA at the same time. Is the security the same with both these options?
Posted via the Android Central App
You mean is the security the same between getting the code sent to you over SMS vs getting the code from an app? The app is probably a tad bit more secure since the SMS system is technically able to be sniffed and moved elsewhere by the carrier, but in general you're getting the same time-based code either way and they're both very secure.
I don't get an SMS. I get a screen on my phone that says someone is trying to log into my account. Let them in yes or no. I click yes and it logs me in. I don't have to enter an extra code or anything else.
Posted via the Android Central App
Dumb question time.. Once TFA is setup, do I have to get a code through txt every single time I want to check my mail? Or is it just when making changes to my account? If it's every single time, I doubt I'll ever set this up lol. Also, is this strictly for Gmail or is it across all google apps? Thx
Google has its own app called Authenticator and only would be used when signing into your Google account for the first time on each unique device. Example: I sign into my Gmail account from a friend's laptop and it asks me for my authentication number after my password. My phone however is consistently logged in and auth is not needed each time. The image in the post is a 3rd party app called Authy and works virtually the same way as Google's. I hope that was clear and helps.
Posted via the Android Central App
It's your Google account rather than Gmail. If you log in on a device and tick the box to remember you/stay logged in you won't need to sign in again.
If you use a different computer or browser, you have to get a code.
It's best to assume I'm being sarcastic. if I'm ever serious I'll type "/s" to make it clear.
By default, you only have to re-authenticate by signing in and providing a code every 30 days on any device you sign into. You can of course choose to only use it once, if you're planning on not returning to the device you're signing in on.
How about recommendations for 3rd party Two Factor Authentication apps, just in case some of those are better or more streamlined than the Google offering?
https://play.google.com/store/apps/details?id=com.authy.authy comes to mind (I've only seen it recommended; haven't tried it myself).
Yes. That would be taking this article one step further. I also recommend the app yubikey authenticator with any NFC OTP token (like the Fidesmo card - 10$). With it you store the keys on the hardware token instead of on the phone. Then you can have access to the codes from all your Android phones and tablets!
I agree, I also use the YubiKey with NFC, works great.
I use Authy for all my 2FA accounts (Google, MS, etc) and I highly recommend it.
This could be a decent bit of information to some, TFA can only be installed on a single device. This, of course, helps eliminate the worry of multiple devices attached to a single .gmail account sharing that unique code to anyone that has access to those devices. Just keep those back up codes safe if you've elected to save/print them.
This is incorrect, you can only use Google authenticator on one device (unless you're cunning), but you can have Authy on multiple devices.
It's best to assume I'm being sarcastic. if I'm ever serious I'll type "/s" to make it clear.
Lol no worries. I should have been more clear that it's Google's authentication app and used as designed. Authy, pictured in the post, can be in multiple.
Posted via the Android Central App
If you save a photo of the Google authenticator QR code you can set GA up on as many devices as you want. But yes, Authy is great.
Like I say, unless you're cunning.
It's best to assume I'm being sarcastic. if I'm ever serious I'll type "/s" to make it clear.
You can easily use the authenticator on multiple devices by scanning the barcode with all your devices when it pops up on the website.
You can most definitely use it on multiple devices if you save the qr code or use the manual entry that is provided should you not have a qr scanner. In addition, there is Authy. I have the manual codes saved to LastPass and I am golden.