A Google account is currently only protected by a username, which in most cases is an email address, and a password. Threats like phishing, brute forcing and social engineering are very common on today’s Internet. To protect its users, Google has decided to roll out an advanced sign-in security feature for Google accounts that makes those attack forms more or less useless.
The 2-step verification is currently rolled out to all users. You can check the Account Settings page to see if the “Using 2-step verification” link is already available under Personal Settings > Security.
But what does it do? It basically adds a second login step after the username and password have been entered. It is possible to receive the code via SMS, a call from Google or with a software that gets installed on the phone so that the code can be generated by the user without direct contact to Google. The software is available for Android, BlackBerry or iPhone devices
The code is a unique temporary verification code that needs
to be entered during login.
Once you enable 2-step verification, you’ll see an extra page that prompts you for a code when you sign in to your account. After entering your password, Google will call you with the code, send you an SMS message or give you the choice to generate the code for yourself using a mobile application on your Android, BlackBerry or iPhone device. The choice is up to you. When you enter this code after correctly submitting your password we’ll have a pretty good idea that the person signing in is actually you.
A hacker would need access to both the phone and the Google login information to access the account. While that is still possible under certain circumstances it eliminates many possible attack vectors.
The verification code can be remembered for 30 days on a specific computer so that it only needs to be entered again once the 30 days are over. There is also an option to create a one-time application specific password to sign in from non-browser based applications that do not prompt for the code.
A backup phone and backup codes can be created in case the phone gets destroyed, stolen or lost.
Users need to carry their phone with them if they want to access the Google account. They also need to make sure that the phone is accessible, as it is not possible to log into the account if it is not. (via)
Related Articles:
Yahoo! Improves Account Security With Second Sign-in VerificationHow To Properly Protect Your Google Account, Login
How To Resend The Google Verification Email
Enable Google 2-Step Verification Right Now, Even If It Is Not Available
Google Account Recovery Per SMS Available In Additional Countries
Enjoyed the article?: Then sign-up for our free newsletter or RSS feed to kick off your day with the latest technology news and tips, or share the article with your friends and contacts on Facebook, Twitter or Google+ using the icons below.
“The 2-step verification is currently rolled out to all users.” No, it’s not rolled out to ALL users. I have that link, but when I go there, there’s a yellow tag saying “This is an advanced feature. 2-step verification for this account will be available soon.”
Well, if somebody has a sample of that message, I can add it to SMS Key app on Android to help using it in comfortable manner. Unfortunately it is really not available for all users. I don’t have this option neither.