How to set up Google 2-Step Verification

It doesn’t matter how careful or savvy you are, there’s always a chance that somebody else could end up with one of your passwords. That’s particularly bad if it’s the password for your Google account: with unauthorised access, hackers could sift through your calendar, search or location history, or use Gmail to reset third-party passwords and gain control of any other accounts where you’ve registered using your Gmail address.

Fortunately Google offers all users two-step authentication, providing a free extra layer of security that should thwart any casual attack. Here’s how to get started.

1) You’ve probably already used two-factor or two-step authentication to access online banking. As the name suggests, access to an account protected by it requires two factors; usually login details that you know plus an item that you have. In Google’s implementation this is an extra security code sent to your phone. Even if someone discovers your password, only you have your phone, so they won’t have the extra security code.

Get started by opening your browser and logging into your Google account as usual, then visiting Google’s two-step authentication page. Click Get Started to begin.

2) On the next page click Start Setup, enter a phone number to use for codes and choose between voice calls and SMS. Note that this number can be a mobile or landline phone and will *only* be used for authentication; it won’t be added to your account recovery or notification options or to your Google profile. In most cases it’s best to use a mobile so you can log in on computers when away from home – a regular non-smartphone will work fine.

When you’ve provided a number, click Send code. On the next screen you’ll need to verify your phone by entering the code you received and clicking Verify. If nothing’s happened after a few minutes click Didn’t get the code? to go back a step and re-send or change your setup.

3) Once your phone has been verified leave the Trust this computer box ticked to create a trusted PC in case your phone is ever lost, then click Next. Finally, click Confirm to switch 2-Step Verification on and review the settings. You may be prompted to provide a backup phone number for use if your main phone gets lost.

You’ll now have to log back in to your Google account on each device where you use it; on everything except your trusted PC you’ll be prompted for and sent a security code. Leave ‘Don’t ask for codes again on this computer’ ticked only on your own computers; never on one you can’t vouch for.

4) If you have an Android, iOS or BlackBerry device you can use the free Google Authenticator app, which generates security codes even when your phone has no mobile or Wi-Fi connection. Use a computer to visit https://g.co/authenticator, logging in to Google if prompted, then follow the instructions provided to download and install Authenticator for your phone.

Use the barcode option in the phone app to photograph the QI code displayed on your computer screen, then enter the app-provided security code in the browser to complete the configuration. Note that the app’s blue clockface icon counts down the time for which the code is displayed, but codes remain valid for a short while even after newer codes have appeared.

5) In most cases things will work smoothly, but you can switch off 2-Step Verification or change its settings at any time. Here you can also add a backup number, or print or save a set of 10 one-time backup codes in case of emergency. The system’s extra security step isn’t supported by older Android phones or some non-Google apps on other devices with which you might want to share Google data – such as Mail on an iPhone.

Click the App-specific passwords tab and click Manage application-specific passwords to use Google’s workaround for this. Finally, the Registered computers tab lets you manage and reset the computers on which you’ve opted out of 2-Step Verification.