
How to use Google 2-Step verification and Authenticator to protect internet accounts

Simon Handby
7 Jul 2014

With 2-Step verification you can protect your internet accounts from hackers even if your password is stolen

It doesn't matter how careful or savvy you are, there's always a chance that somebody else could end up with one of your passwords. That's particularly bad if it's the password for your Google account: with unauthorised access, hackers could sift through your calendar, search or location history, or use Gmail to reset third-party passwords and gain control of any other accounts where you've registered using your Gmail address. Fortunately, Google offers all users two-step verification (also known as two-factor authentication), providing a free extra layer of security that should thwart any casual attack.

Two-step verification, as the name suggests, adds an extra step when you want to log into your account. As well as providing your password, you also have to enter a unique number, sent to your phone via SMS. As this number changes every minute, there's no simple way for hackers to get hold of the up-to-date security code and use it in time.

Even better, smartphone users (Android and iPhone) can install the Google Authenticator app, which generates the codes locally, so you don't need mobile reception. Google Authenticator is supported by third-party websites and services, including Facebook, Dropbox and Evernote, so you can protect other accounts using the same app. We'll show you how to get started. 

Step 1 - Get started with Gmail

Get started by opening your browser and logging into your Google account as usual, then visiting the 2-Step verification sign-up page. You can read more here about the benefits and features of 2-Step Verification, as Google brands it, or just click Get Started to begin.

Google 2-Step sign up page

Step 2 - Enter your phone number

On the next page click Start Setup, enter a phone number to use for codes and choose between voice calls and SMS. Note that this number can be a mobile or landline phone and will only be used for authentication; it won't be added to your account recovery or notification options or to your Google profile. In most cases it's best to use a mobile so you can log in on computers when away from home - a regular non-smartphone will work fine. When you've provided a number, click Send code. On the next screen you'll need to verify your phone by entering the code you received and clicking Verify. If nothing's happened after a few minutes click Didn't get the code? to go back a step and re-send or change your setup.

Two-step authentication verification code

Step 3 - Turn on 2-Step Verification

Once your phone has been verified leave the Trust this computer box ticked to create a trusted PC in case your phone is ever lost, then click Next. Finally, click Confirm to switch 2-Step Verification on and review the settings. You may be prompted to provide a backup phone number for use if your main phone gets lost. You'll now have to log back in to your Google account on each device where you use it; on everything except your trusted PC you'll be prompted for and sent a security code. Leave 'Don't ask for codes again on this computer' ticked only on your own computers; never on one you can't vouch for. In most cases things will work smoothly, but you can switch off 2-Step Verification or change its settings at any time. In the settings page, you can also add a backup number, or print or save a set of 10 one-time backup codes in case of emergency, such as if you lose your phone. It's worth making the backup codes, if nothing else, to prevent you from getting locked out of your account.

Google 2-Step Verification backup codes

Step 4 - Generate app-specific passwords

The system's extra security step isn't supported by older Android phones or some non-Google apps on other devices with which you might want to share Google data, such as Mail on an iPhone. However, for these you can generate an app-specific password. Click Manage app-specific passwords. To create a new password, use the drop-down menus to pick the type of app you want to create a password for (Calendar, Mail, etc) and the type of computer (Mac, PC, etc). You'll then get a pop-up window containing a password. Use that on the device that you want to connect to Google, instead of your existing password. You can also use this settings page to get rid of old app-specific passwords. Click Revoke next to the one that you want to get rid of.

Google App-specific passwords

Step 5 - Use the Google Authenticator app

If you have an Android, iOS or BlackBerry device you can use the free Google Authenticator app, which generates security codes even when your phone has no mobile or WiFi connection. Go to the Google Authenticator website, logging in to Google if prompted, then follow the instructions provided to download and install Authenticator for your phone. Use the barcode option in the phone app to photograph the QR code displayed on your computer screen, then enter the app-provided security code in the browser to complete the configuration. Note that the app's blue clockface icon counts down the time for which the code is displayed, but codes remain valid for a short while even after newer codes have appeared.

Google Authenticator App

Step 6 - Use Authenticator for other services

Google Authenticator is also supported by a lot of other services, as we mentioned in the intro. Each service has to be configured individually, so check its website for full instructions. However, the rough steps are the same for all. For example, with Facebook, go to the Security settings and click Login approvals. Click 'Require a security code to access my account from an unknown computer'. Click Get Started to follow the wizard through, entering your phone number to get an authentication code. To use Google Authenticator, click Code Generator. There's an option to use Facebook's app for this, but it's not very good and it's easier to have everything in one place. Instead, click Set up another way to use codes and Facebook will bring up a QR code. In Google Authenticator, tap the Edit button (looks like a pencil) and tap the '+', then tap Scan Barcode, scan the QR code and enter the code that appears on your phone's screen. You're ready to go, and can now set up any other supported websites and services in a similar way.

Don't forget to generate backup codes using each service or website, which you can use to log in should you forget or lose your phone. Note these codes are separate from the Google codes you would have generated in Step 3.

Facebook Google Authenticator
