Keep your Google account(s) from being hacked, enable two-factor authentication


When it comes to data you want secured, your email accounts are probably close to the top of the list. Though email is technically an unencrypted medium, the average hacker might not go to too much trouble to grab a single message — but they'd love a peek at your history full of password resets, not to mention getting potential access to your bank accounts or other private information.

Strong passwords can help, but to be as secure as possible, you want to enable two-step authentication.


What is two-step authentication?

Two-step authentication is the most prevalent way to secure your accounts: It asks you to authenticate that you are who you say you are by supplying not only your password, but a unique code supplied from your phone or an external app. It ensures that those accessing your accounts have access to your physical devices as well as your virtual passwords, and makes a simple password crack or social engineering hack a lot more insufficient in actually accessing your personal data.
How to set up your Google account with two-step authentication

Google was one of the first companies to offer two-step authentication for its user accounts; the company even created an option for third parties who want to offer two-step support for their services called Google Authenticator. Companies like Facebook, Tumblr, and Dropbox all use Google's service, as does Google itself.

As such, Google's experience with two-step authentication makes it a remarkably simple process to set up. Here's what you need to do.

Visit Google's 2-Step Verification page and click on Get Started.

  • Enter your Google email and password (or just your password, if you're already logged in to Google).
  • Click the Start setup button.
  • Add a phone number that Google can send the six-digit verification code to. (For semi-obvious reasons, this shouldn't be your Google Voice number: If you use that phone number, you might end up locked out of your account.)
  • Verify your phone number by entering in the six-digit code Google sent you.
  • Choose whether or not to add your current computer as a trusted device.
  • Confirm that you wish to turn on two-step verification.
And you're set! Google will now send your phone a six-digit code for any app that uses Google's web interface to authenticate your account.
How to use Google Authenticator

If you don't want codes sent via text message, you can also enable Google Authenticator; this allows you to receive a randomly-generated code from programs like Authy or 1Password or Google's own authenticator.

You can use Google Authenticator for a slew of different services in addition to your Google Account; you just need to make sure they have code generation turned on. Each service has a slightly different way of enabling this, but in general you should find it under the Security section of your preferences.

Here's the setup screen for your Google accounts:

When you click to enable code generation, you'll be presented with a barcode; scan this with Authy, 1Password, or Google Authenticator to add the account.

Once you've added your account, use the code generated by your app of choice to activate two-step code generation back on the original service.

Enable per-app passwords

Though most third-party Mac apps that hook into Google's services use the company's web interface to authenticate your account, support for this on the system level for iOS and OS X isn't quite there yet — though it is coming in iOS 8.3 and OS X 10.10.3.

In the meantime, you don't have to sacrifice your two-step security elsewhere until those updates come around: You can use your traditional username and password fields by generating one of Google's per-app passwords. They're not as secure as two-step authentication, but it guarantees that if someone breaks into that application, they'll have a one-time password only good for that program and can't get into your account on the web.

To access per-app passwords for your Google account, visit your Google account settings, then under the Signing in section, click on 2-Step Verification.

From there, select the App-specific passwords tab and click the Manage application-specific passwords button.

Once you're in the management section, you can generate a new app-specific password for your application, or revoke passwords for any old applications you no longer use or that may have been compromised.

Comments