The recent article in Wired Magazine (http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/) describes a sophisticated attack against a specific individual that led to the closure of their Gmail account and the compromise of their Twitter account, Amazon account and Apple iCloud service (which the attacker then used to wipe the data from the victim's iPhone, iPad and Mac). It highlights the need for strong multi-factor authentication.
The article points out that, had this particular person enabled Google's 2-step verification system (which asks you to enter a 6-digit code every time you log into your Google Account), the attack that he suffered would probably have been a lot less damaging. It also points out that, had he kept regular backups, the loss of all the data from his Mac would not have been as totally devastating as it turned out to be, but that's a topic for another post.
Setting Up 2-step Verification
Google makes the process of setting up 2-step verification fairly straightforward, provided you are near a telephone or have your smartphone handy.
The first step is to log into your Google Account as you normally would.
Once logged in, navigate your way to Settings by clicking on the gear-shaped button above your list of messages.
Once in the settings screen, click the 'Other Google Account Settings' link, which will open a new tab/window.
Click 'Security' on the left-hand side, followed by 'Edit' next to '2-step verification' which at this point should say OFF.
This will start the set-up process. Follow the instructions given to you by the set-up utility, and enter the code that Google sends to your phone.
Setting Up an Application-specific Password
Certain applications/devices (such as your Android phone/tablet, iPhone/iPad, or e-mail clients) do not currently support 2-step verification, and must have a password generated for them by the 2-step verification service. Doing this is very easy.
If you are still in the Security Settings section of your Google Account (where you went to turn on 2-step verification), it should now say ON next to the 'Edit' button.
Click the 'Edit' button, followed by the 'Manage Application-specific Passwords' link, which will ask you to enter your Google Account password. Do this now.
This will take you to a page detailing all the applications/services that have access to your Google Account (you can revoke access to anything listed at the top of this page by clicking its 'Revoke Access' button).
To generate an Application-specific password, type a name for the application (for example 'My iPhone') into the box underneath the 'Application-specific Passwords' heading, and click the 'Generate Password' button.
Google will now display a yellow box containing your new password for the application/device you specified, which you should now enter into the application/device settings for your Google Account.
That's All Folks
That's all there is to activating 2-step verification for your Google Account, and the process described above works for Google Apps accounts used by businesses as well, although your administrator may need to enable support for 2-step verification before you can activate it.
You can also specify back-up phone numbers that 2-step verification will contact should you lose your smartphone with the Authenticator app. The app generates 2-step verification codes on your phone, which you type in when Google asks for them. Setting it up is a simple matter of locating the Google Authenticator app in either Google Play or the App Store, and following the instructions.
You can even print off a set of 10 emergency codes to be used when you do not have either your smartphone or access to your backup phone. Once you use the 10th code, you can print some more, and should you ever lose the paper with them on, generating new ones invalidates the old ones.
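The emergency-code behaviour described above (a set of 10, each usable once, with a new set invalidating the old one) can be modelled on the server side as follows. This is an added sketch, not Google's implementation or code from the original post; the `EmergencyCodes` class, the 8-digit code format and the PBKDF2 parameters are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

CODE_COUNT = 10   # the post describes a printed set of 10 emergency codes
CODE_DIGITS = 8   # assumed code length, not stated in the post


def _digest(salt: bytes, code: str) -> bytes:
    # Store a salted, slow hash so a leaked database does not reveal usable codes.
    return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, 100_000)


class EmergencyCodes:
    """Hypothetical server-side store for one account's emergency codes."""

    def __init__(self) -> None:
        self._salt = b""
        self._unused: list[bytes] = []

    def generate(self) -> list[str]:
        """Issue a fresh set; replacing the stored hashes invalidates every old code."""
        self._salt = secrets.token_bytes(16)
        codes: set[str] = set()
        while len(codes) < CODE_COUNT:  # a set guarantees 10 distinct codes
            codes.add(f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}")
        self._unused = [_digest(self._salt, c) for c in codes]
        return sorted(codes)  # shown once for printing, never stored in the clear

    def redeem(self, code: str) -> bool:
        """Accept a code at most once, comparing digests in constant time."""
        candidate = _digest(self._salt, code.replace(" ", "").strip())
        match = None
        for stored in self._unused:
            if hmac.compare_digest(stored, candidate):
                match = stored
        if match is None:
            return False
        self._unused.remove(match)  # single use: a redeemed code cannot be replayed
        return True

    def remaining(self) -> int:
        return len(self._unused)
```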