Usually when I do a tutorial post, I’m teaching myself something new and want to offer a straight-forward guide in an effort to help anybody else who finds themselves googling “how do I set-up 2-step verification” and in the case of today its really no different, although I had a roundabout way about going about it. In setting up a new GitHub account, I read about their 2-step verification options which prompted me to (decide to) download Google Authenticator and after that was done, I realized hey – I should probably do that thing that Google keeps bugging me to do everytime I login. And here are!
Why You Should
Do you ever use the same password for multiple websites? Do you ever use a public computer to sign into your Google mail account? Such actions weaken your password and make it easier to steal.
Maybe you’re thinking to yourself, but why isn’t a username and password good enough? Well, if you choose your passwords wisely and change them on a regular basis, maybe you’re fine – but why not secure your accounts further, incase they are ever compromised and you want to retain access? Those of us who use combined services like Google, or with accounts containing sensitive information like financial or personal data, the idea of someone else gaining access to #ALLTHETHINGS, is actually quite gut-wrenching.
Perhaps you don’t have a Google account* and think this post is useless but lots of other products and services offer 2-step verification security options, so you could skip the walkthrough and jump right down to the app talk, if you wanted to…
*… but, if you use (log into) any of the following services, you my friend are indeed using Google: Gmail, Drive, YouTube, Google+, AdSense, Alerts, Analytics, Calendar, Maps, Talk, Play Wallet, or Webmaster Tools… just to name a few.
What To Expect
To get this all set-up and ready to go, the time is dependent on your ease of understanding the things that you are doing (ie you are familiar with navigating account settings and using your phone on a texting or app installing basis) and how many devices you use that may already have accounts installed on them. After its all set-up and ready to go, you shouldn’t really notice a change in what you need to do unless you use a new computer or device to sign into your protected accounts, in which case there will be an extra step involving a security code – which you can retrieve easily and we’ll talk more about below.
For example, I set up my app and account before revising the updated passwords required on both my phone and tablet devices. I then grabbed my s/o’s phone and proceeded to do his for purposes of obtaining screenshots for this guide helping share the love of security. Initial set-up of 2-step verification was a few minutes and subsequent editing of account passwords took another whole minute for both of us. Huzzah!
How To Do It
Log into your Google account at http://accounts.google.com
Google Account Security Settings Page
Click the Security link at the top of the page, and look for the ‘2 step verification’ heading under the Password area, and click Setup. (You may get an additional welcome screen on the next step, if so, click the Start Setup button)
Google will send a numeric code to the phone number you enter here.
If you haven’t set up a recovery phone number on your Google account, you can do that now. Once you’ve submitted your number you will receive a voice or text message with a 6-digit code that you will need to enter.
Enter the code you receive via text message here.
It is advised to have at least one main personal computer that is granted trusted access.
After you verify your code you will be asked if you want to trust the computer you’re on. If you are using a shared computer, a public computer, or a computer that you don’t normally use day-to-day, this isn’t something you may want to do. However, having at least one trusted computer has its benefits if you were to lose your phone and needed to regain access to your Google accounts.
Finally, by confirming your 2-step verification process, you’ll only be asked for a code whenever you sign in using your Google account from an untrusted computer or device.
Getting Locked Out
Get backup codes so you don’t get locked out.
If you don’t have access to your phone, you can download and print a set of backup codes. Back on your Security > 2-Step Verification page you will see areas to input a backup phone number as well as where to download and print your backup codes. If you lose your phone or the number changes, you can edit these settings later in your Google account.
Enter a backup phone number and download backup codes when you’re primary way of verification is unavailable.
If You Already Have Google Accounts Set-up on Your Devices
If you connect to Google via third-party apps, you may need to create an app password.
If an app gives you an error about something being wrong with your password, you may need to configure it with an app password, as you’ve just enabled an advanced security feature.
If an app gives you an error about something being wrong with your password, you may need an app-specific password.
Back on your Security > 2-Step Verification page, if you click the tab for ‘App-specific passwords’, you will see a new area where you can manage the applications you may already have in place, such as Mail on iPhone or iPad, Microsoft Outlook, or Mail on Mac.
Some applications that work outside of a browser aren’t compatible with 2-step verification and require an additional app password.
Give your new app password a name that you’ll recognize, such as “Gmail on my Phone”, and the code that it generates for you is the new password you should enter for that account on your device. Boom.
Using Google mobile apps such as Gmail and Google+ will let you access your Google Account from a mobile device without needing an app password. However, as I learned with both my iPad and my Google Nexus, I still needed to login via a browser and input the Google code that Authenticator gives me through the app on my phone, which provides an excellent segway into…
There’s also an App for that
There is another way to receive 2-step verification codes from Google.
On the 2-Step Verification page you may have noticed that there are two options for the primary way you receive security codes and we’ve just walked through the basic way in which your phone is either connected for calls or texts. The other way you can do this is through an app (instead of voice or text messages to your phone). There are different apps out there, so read up on what you think works best for you, but for sake of sticking with Google, I installed Authenticator and Barcode Scanner.
Google Authenticator generates 2-step verification codes on your phone.
Why Would I Need This
If you want to move beyond Google and use ‘2-step verification’ with other products and services that have the option for it, you can use an app like Google Authenticator (in combination with Barcode Scanner) to store “accounts” and manage their various security codes. This way, instead of having multiple text messages from different accounts come in when you need them – you can open up your app and retrieve them all in a nice list format and manage them from there.
Its also handy for still being enabled when your phone is offline or in airplane mode.
What’s With the Barcode
In some cases, when setting up an initial account for 2-step verification you will be asked to scan a QR Code to set-up a new account. Authenticator will specifically ask you to install the Barcode Scanner app in addition to itself and works seamlessly once installed.
That’s it, that’s all!
I hope that helps someone out there! If I’ve missed anything or you have any questions, leave your comment below!