Since I rely on my Google Account for so much, I decided to give Google’s two-step verification process a try. I didn’t want one day to come to the unpleasant realization that my Google account had been hacked. Just recently Google disclosed a phishing attack originating from Chinese hackers. As mentioned in the Official Google Blog, 2-step verification is a highly recommended way to protect your account.
Basically, the way it works is this: two-step verification generates a unique 6 digit code. You then sign in with your regular Google account password then you will be asked to verify. You enter the number you previously generated and bingo! You are in your Google account. It just takes an extra few seconds and a hearty second level of security is added.
Google 2-step verification uses your mobile phone – something you likely have with you all the time – as a tool to give you an extra level of security to your account. Any mobile phone which has the Google Authenticator app can be used. Any phone you have access to really can grant you a second level of security for your Google account, but a phone of the mobile variety is obviously more convenient.
If for some reason, you don’t have access to your mobile phone, you can use a backup phone number to generate the numeric code, or a code from a sheet of 10 codes you’ve printed out previously. What the application does is generate a one-time verification code. Then, you sign in with your regular password and are prompted to enter that one time only code. It’s pretty simple. This code will apply to all your Gmail services until you sign out of your Google account.
Set up time for this feature is 10 to 15 minutes. Here is the run down on the steps to login to your Google account once this feature has been implemented:
(1) Enter your regular password. You will be prompted for your verification code.
(2) Generate new verification code.
(3) Enter verification code.
How it works with your Google Account in your smartphone:
(1) You will need to generate an application specific password. Note that this application only password is different from a numeric verification code.
(2) Enter the application specific password. You will need to do this only one time. You will not be asked for an application only password or a numeric verification code on your mobile phone ever.
(3) Revoke the password should you lose your device via your Google account settings.
For those of you curious on how it will work on your Cr-48 or the upcoming Chromebooks:
(1) Logging into Chromebook is normal. Just use your Google password.
(2) Once you’ve logged into your Chromebook, you will need to generate a one-time only application specific password when trying to login to a Google service.
(3) From then on, you will be asked to enter your numeric code when you sign into your Google account via Gmail or other Google application.
My experience with this feature has been pretty good. No real complications. The trickiest part was that there are some applications that require that one-time application specific password.
One thing that confused me a bit in the process was realizing that I had to generate an application specific password for Chrome Sync. Note: you’ll be prompted anytime you’ll need such a password and you only need to do it once. Under your two-step verification settings, you’ll have the option to revoke it.
Google’s two-step verification isn’t for everybody. It may be a tad too much trouble for some to enter to generate that verification code and enter those digits every time you log in. However, I find Google two-step authentication very much worth the trouble. For me, investing a few more seconds in securing my Google account is a good investment of my time.
For Google’s full instructions on how to activate 2-step verification, click here.
Are you using 2-step verification?