You may have heard about Google's latest effort to improve the account security for Google account users: 2-Step verification. Google adds a second authentication layer to the standard username and password log in process.
The second step makes use of a connected smartphone or other means, with various options to generate the code locally or remotely. Options include receiving a one-time code by SMS or phone call, installing an app on a smartphone, or using devices that generate codes locally without need for a phone.
The feature is still being rolled out to all Google account holders and it can take some time before it becomes available. I just found an interesting article on Caschy's German blog where he explains how to start using the 2-step verification right now, even if the option is not displaying in the settings of the account yet.
Update: 2-step verification is available for all accounts now. You can configure it by visiting the Account settings page on Google and clicking on the entry listed under signing in. The full process is outlined below.
Enabling Google 2-Step Verification
Before I explain how that's done, let's take a look under account settings first to see if 2-step verification is available there. Go to Google My Account and click on the sign in button at the top right of the screen if you are not already logged in.
Enter your username and password and wait for the login process to complete. Select "sign-in & security" on the page to proceed.
Scroll down on the page until you find the 2-step verification option listed under "signing in to Google".
The setting should read on or off, and if it reads on, list the date 2-step verification was enabled for the account.
If it is off, click on it to start the setup process.
You may be asked to enter your Google password again at this stage. The next page explains what 2-step verification is. The two main points are:
- Add an extra layer of security.
- Keep the bad guys out.
Basically, after you enter your username and password, you need to provide a second code that is generated on demand.
Click on the Get Started button to start the setup process. The next page requires that you set up a phone.
Select the country flag and enter the full phone number of the device that you want to use for 2-step verification. You may also switch from receiving codes by text message to receiving phone calls instead.
Please note that you can use other means besides text or phone calls later on. Click on the try it link after you have entered the information.
If all works well, you should receive a text message or phone call that provides you with the first 2-step verification code.
You need to enter that code on the next page to complete the setup process.
Configuring 2-Step Verification
While you need to link a phone number as part of Google's 2-Step Verification feature, other options are provided that you may want to explore.
- Backup Phone: You may add a backup phone number that may be used to receive voice messages with 2-Step Verification codes.
- Backup Codes: These codes are pre-activated, and may be used once each. Google provides you with ten codes, and options to generate more when required.
- Google Prompt: The new Google Prompt option requires an Android or iOS device. It pushes a prompt to the device that requires that you tap yes or no to allow or deny the sign-in process. Since you don't have to enter codes manually when using Google Prompt, it makes things a bit easier to use.
- Authenticator App: You may use an application to generate codes instead of relying on remote means such as text or voice. The application generates codes automatically, and may be useful in locations with bad phone reception.
- Security Key: Security Key is another local option when it comes to signing in. It requires a device that you connect to the computer to complete the second authentication step. You don't need to enter a code manually if you are using a Security Key.
The very same page lists trusted devices. Trusted devices don't require a second step of verification. You may revoke all or individual permissions at any time on the page.
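
Why the Authenticator App option works without phone reception: apps such as Google Authenticator implement TOTP (RFC 6238), deriving each code from a secret shared at enrollment and the current time. The sketch below is an added example, not code from Google or from this article; the function names, the one-step drift window and the replay set are illustrative assumptions, and the secret is the public RFC test key.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed sample secret: the RFC 6238 test key, base32-encoded the way
# authenticator apps receive it at enrollment. Not a real account secret.
SAMPLE_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
STEP = 30  # seconds per code, the value authenticator apps use by default


def totp(secret_b32, at=None, digits=6):
    """Return the code for the time step containing `at` (Unix seconds)."""
    key = base64.b32decode(secret_b32.upper())
    counter = int(time.time() if at is None else at) // STEP
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, submitted, used_counters, at=None, window=1):
    """Hypothetical server-side check: tolerate clock drift of +/- `window`
    steps, and refuse a code whose time step was already accepted."""
    now = int(time.time() if at is None else at)
    for drift in range(-window, window + 1):
        t = now + drift * STEP
        counter = t // STEP
        if counter < 0 or counter in used_counters:
            continue
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(totp(secret_b32, at=t), submitted):
            used_counters.add(counter)
            return True
    return False


if __name__ == "__main__":
    print("code right now:", totp(SAMPLE_SECRET_B32))
```

Both sides compute the same code offline, so nothing is sent to the phone; the trade-off is that anyone who copies the enrollment secret can generate valid codes too.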