Google Rolls Out Advanced Sign-In Security - gHacks Tech News

Google Rolls Out Advanced Sign-In Security

A Google account is currently only protected by a username, which in most cases is an email address, and a password. Threats like phishing, brute forcing and social engineering are very common on today's Internet that try to gain access to a user's account information to gain access to the account.-

To protect its users, Google has decided to roll out an advanced sign-in security feature for Google accounts that makes those attack forms more or less useless.

Update: The easiest option to enable 2-step verification on Google is to open the My Account settings to do so. Google has changed how the feature is enabled and this is the way to do it. Locate 2-step verification on the page and follow instructions to set it up.

The 2-step verification is currently rolled out to all users. You can check the Account Settings page to see if the "Using 2-step verification" link is already available under Personal Settings > Security.

But what does it do? It basically adds a second login step after the username and password have been entered.

using 2 step verification

It is possible to receive the code via SMS, a call from Google or with a software that gets installed on the phone so that the code can be generated directly without direct contact to Google or the Internet. The software is available for Android, BlackBerry or iPhone devices currently.

The code is a unique temporary verification code that needs to be entered during login.

Once you enable 2-step verification, you'll see an extra page that prompts you for a code when you sign in to your account. After entering your password, Google will call you with the code, send you an SMS message or give you the choice to generate the code for yourself using a mobile application on your Android, BlackBerry or iPhone device. The choice is up to you. When you enter this code after correctly submitting your password we'll have a pretty good idea that the person signing in is actually you.

verification code

A hacker would need access to both the phone and the Google login information to access the account. While that is still possible under certain circumstances it eliminates many possible attack vectors.

The verification code can be remembered for 30 days on a specific computer so that it only needs to be entered again once the 30 day period is over. There is also an option to create a one-time application specific password to sign in from non-browser based applications that do not prompt for the code.

A backup phone and backup codes can be created in case the phone gets destroyed, stolen or lost.

google 2-step verification

Users need to carry their phone with them if they want to access the Google account. They also need to make sure that the phone is accessible, as it is not possible to log in to the account if it is not. (via)

Another issue that users may experience is that some apps and services don't support the new login verification system. Google makes available app-specific passwords that can be generated on the 2-step verification website for use in these programs.

Summary
Google Rolls Out Advanced Sign-In Security
Article Name
Google Rolls Out Advanced Sign-In Security
Description
Google enabled a new authentication option called 2-step verification which improves the login security when signing in to Google accounts.
Author




  • We need your help

    Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

    We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.

    If you like our content, and would like to help, please consider making a contribution:

    Comments

    1. Ross said on February 12, 2011 at 1:08 am
      Reply

      “The 2-step verification is currently rolled out to all users.” No, it’s not rolled out to ALL users. I have that link, but when I go there, there’s a yellow tag saying “This is an advanced feature. 2-step verification for this account will be available soon.”

    2. Bankdroid said on February 12, 2011 at 11:09 am
      Reply

      Well, if somebody has a sample of that message, I can add it to SMS Key app on Android to help using it in comfortable manner. Unfortunately it is really not available for all users. I don’t have this option neither.

    3. toula said on April 24, 2014 at 4:47 pm
      Reply

      PLEASE HELP ME!

      My brother was visiting for Easter and asked to access his email acct
      He has gmail

      Since then on my Google home page displays his email acct as if he is the owner of my computer, and if I try to get access to gmail his ONE Acct All Sign In comes out
      Tried to create as a new gmail acct, and it says something about creating a secondary acct as if he is the one that owns my computer and I am a secondary acct.

      I feel that I do not own my computer anymore How can I get this out?

      PLEASE HELP!

      1. Martin Brinkmann said on April 24, 2014 at 6:33 pm
        Reply

        You need to sign out first before you sign in to your account.

    Leave a Reply