Weak passwords are a plague on both personal and business security, and can even impact your friends and relatives.Having your email account hacked can be a nightmarish experience, because the infiltrator can mine your email account for information about other services you use. If you use the same password on other services, they will be able to gain access to those as well.
They can also use your account to send spam or steal a copy of your entire contacts list, and use that information in phishing scams.
If you are using Gmail or Google Apps, the infiltrator can also access your photos, private documents, and anything else stored in your account. In order to provide additional security for Gmail and Google Apps users, Google has implemented a 2-Step Verification process.
What is Google’s Two-Step Verification?
The 2 Step verification process is similar to what your bank uses on their website to verify customers using online banking (e.g., your SiteKey image and security questions on Bank of America’s Online Banking).
The 2-step verification adds an extra layer of security to your Google Account by requiring you to have access to your phone – as well as your username and password – when you sign in. This means that if someone steals or guesses your password, the potential hijacker still can’t sign in to your account because they don’t have your phone.
It adds an additional layers to your account security that makes it extremely difficult for someone to break into your account.
Setting Up 2-Step Verification:
Before you begin setting up 2-step verification, make sure you have either your cell phone or an available landline or VoIP phone. You will also need a list of the Web and desktop applications you use to log into your Google account. The entire process of setting up 2 step verification will take at least 15 minutes to complete.
1. Log into your Google Apps email account or your Gmail account.
2. Click on the drop-down arrow next to your email address in the upper right corner of the screen. Choose Account Settings from the menu.
3. On the Account Settings page in the Security section, click on Using 2-step verification.
4. Before you begin the process, make sure you have access to your cell phone, smartphone, VoIP phone, or landline phone. Google will send a verification code by SMS or voice message to the phone of your choosing during the setup process.
5. On the 2-step verification screen, click the Set up 2-step verification button.
6. On the next screen you will be prompted to choose how you would like to receive your verification codes. From the drop-down menu you can choose Text message (SMS) or voice call, Android, BlackBerry, or iPhone.
In order to use your smartphone, you will have to install the Google Authenticator application. In this example we will use the Text message (SMS) or voice call option.
7. Choose your country from the drop-down menu. If you want to receive the code by SMS, enter your cell phone number in the phone number box, and click the radio button next to SMS text message.
If you want to receive an automated voice message, enter either your landline/VoIP or cell phone number and click the radio button next to Automated voice message.
8. Click the Send code button, and the code will be delivered to your phone by automated voice call or SMS.
9. Once you have received your code, type it into the Code box and click the Verify button.
10. You will receive a message stating that Your phone number is configured. Click the Next button.
11. Your phone is now setup to receive verification codes. Click Next to add backup options.
12. The next screen will list Backup verification codes. Print them by clicking the Print codes button, and put them in a safe place that is easily accessible (e.g., your wallet or your purse).
13. Once you have printed your Backup verification codes, click the checkbox next to Yes, I have a copy of my backup verification codes, and click Next.
14. On the next screen you can add a backup phone number to send your codes to. This can be your work phone number, a friend’s phone number, or any number that you will be able to access easily. Once you’ve setup a backup phone number, click Next.
15. If you are using other Google applications that cannot ask for verification codes, like the desktop Picasa application, you will be prompted to set up application-specific passwords. Click Next to continue.
16. To complete the process click the Turn on 2-step verification button. You will be logged out of Gmail or Google Apps, and you will be prompted to login with your password and a verification code.
17. Once you log back in, you are prompted to create application specific passwords for applications you use to access information in your Google account. Click the Create passwords button.
18. If you use any third party applications that connect to your Google account (e.g., OffiSync), enter the name of the application in the Generate new application-specific password box and click the Generate password button. Google will generate a password specifically for that application.
Open the application and use your new application-specific password to connect to your Google account. You do not need to remember these passwords, as you will only use them to authenticate one time.
Now that you have 2-step verification set up on your Gmail or Google Apps account, your account will be more secure, and it will be much more difficult for it to be compromised. Make sure to keep your backup codes where you can find them easily, because you will need them if you do not have access to the phone(s) you used during the setup process.
By taking 15 minutes to step through this process and add additional security to your Google account, you are not only protecting yourself. You are protecting your friends, family, contacts, and business from spam, and phishing scams.
You are also protecting yourself from the potential of identity theft if you have sensitive materials (e.g., credit card numbers or your social security number) stored anywhere in your email or documents. Take a few minutes to protect yourself now, and avoid spending days cleaning up the mess left behind if your account is compromised.
Have you used the 2-step verification with any other services? If yes, how was your experience?
Do you think this process will considerably improve your Google account security? Share your opinion and thoughts in the comments.