Google Rolls Out Advanced Sign-In Security
A Google account is currently protected only by a username, which in most cases is an email address, and a password. Phishing, brute forcing and social engineering are very common on today's Internet, and all of them aim to obtain a user's login information to gain access to the account.
To protect its users, Google has decided to roll out an advanced sign-in security feature for Google accounts that makes those attack forms more or less useless.
Update: The easiest way to enable 2-step verification on Google is through the My Account settings. Google has changed how the feature is enabled, and this is now the way to do it. Locate 2-step verification on the page and follow the instructions to set it up.
The 2-step verification is currently rolled out to all users. You can check the Account Settings page to see if the "Using 2-step verification" link is already available under Personal Settings > Security.
But what does it do? It basically adds a second login step after the username and password have been entered.
It is possible to receive the code via SMS, via a call from Google, or from software installed on the phone that generates the code directly, without contact to Google or the Internet. The software is currently available for Android, BlackBerry and iPhone devices.
The code is a unique temporary verification code that needs to be entered during login.
Once you enable 2-step verification, you'll see an extra page that prompts you for a code when you sign in to your account. After entering your password, Google will call you with the code, send you an SMS message or give you the choice to generate the code for yourself using a mobile application on your Android, BlackBerry or iPhone device. The choice is up to you. When you enter this code after correctly submitting your password we'll have a pretty good idea that the person signing in is actually you.
A hacker would need access to both the phone and the Google login information to access the account. While that is still possible under certain circumstances, it eliminates many possible attack vectors.
The verification code can be remembered for 30 days on a specific computer so that it only needs to be entered again once the 30 day period is over. There is also an option to create a one-time application specific password to sign in from non-browser based applications that do not prompt for the code.
A backup phone and backup codes can be created in case the phone gets destroyed, stolen or lost.
Users need to carry their phone with them if they want to access the Google account. They also need to make sure that the phone is accessible, as it is not possible to log in to the account if it is not.
Another issue that users may experience is that some apps and services don't support the new login verification system. Google makes available app-specific passwords that can be generated on the 2-step verification website for use in these programs.