Have you ever worried that your email account was hacked? I had a scare recently that turned out to be unfounded, but it got me looking into ways to further secure my Gmail account. I had heard of Gmail’s two-factor authentication before, but had only dabbled in it. I now have two-factor authentication activated on both of my accounts, and it is pretty unobtrusive, and adds significant security to my account.
Two-factor authentication depends on you entering a verification code when you log in, in addition to your normal password. When you activate two-factor authentication in your Google account settings, you will need to decide how you will receive this verification code. I use Google Authenticator, an official Google app for Android that provides a unique code that is replaced every 30 seconds. The Authenticator app is available on iPhone as well as Android, or you can choose to receive the code by text message or phone call. You can only receive the code using one of the methods, however. If you decide you want to try a different method, you must change a setting in your Google account.
So how does it work in practice? When I try to sign in to Gmail, I’m prompted not only for my password, but also for the verification code. You can check a box if you want to exempt that device from requiring the code for the next 30 days.
I then pull out my phone, and open the Authenticator app. The app is simple, and presents you with one code for each Gmail account that you use (and for which you’ve activated two-factor authentication).
Take the six-digit code that appears, and enter it into the Verification Code box on the page where you were trying to log in. You can then sign in as you normally would.
If you’re worried about what might happen if you lose your phone, Google has you covered. From your account, you print out a list of one-time verification codes, and store them somewhere safe. Those codes will work one time, and one time only, but that should at least be enough to allow you to log into your account and change your default method of receiving your code.
For apps that don’t allow you to input a code, such as Reeder on the Mac or iPad, you can sign in to your Google account and generate an application-specific password. You then use that password instead of your normal Google password with the app in question, and it will work for that app, and that app only.
One aspect of the service I don’t understand is how the Authenticator app works without data service. If any of you security gurus know, sound off in the comments. I presume that it either hashes a code, or generates a list of codes every time that it gets a data connection, but those are just guesses.
The only glitch I found with two-factor authentication occurred when setting up iCal on my Mac. I use WebDAV to set up multiple Google accounts in iCal, and got bombarded with password requests after activating two-factor authentication. I suspect I just need to take my time, and methodically create an application-specific password for each prompt, but I’m not sure.
Have you tried two-factor authentication? If not, why not?
Anna says:
What great info, I will definitely use it. Thank you dear! I was wondering when they will make something like this.
September 12, 2011 — 3:03 pm
Kosmo @ The Soap Boxers says:
I wonder if it would be possible to use Bluetooth pairing to do this sort of thing automatically? You’d have to enter the normal password, and Google would need to sense the presence of your phone.
I’m not that well versed in Bluetooth communication, though, so I don’t know if that is feasible.
September 12, 2011 — 10:15 pm
Name (required) says:
This post really gives us great info, and I definitely learned a lot from this because my Gmail account was hacked by an unknown person. This review would really mean a lot for me to solve my problems to secure important messages on my account.
September 13, 2011 — 9:49 pm
Cristian Balau says:
I don’t need to activate such a feature. First of all, I have a very complex and random password that nobody can ever crack, and second, I don’t know if I want to go through additional trouble just to log in to my Gmail account.
September 16, 2011 — 9:40 pm
BrianK says:
Cristian- Your very complex and random password is no match for a key logger or if you encounter a sophisticated phishing attack when you aren’t paying 100% attention.
November 3, 2011 — 11:43 am
Evan Kline says:
That’s a good point, and one reason I use two-factor authentication for important services (Gmail, LastPass) that offer it.
November 5, 2011 — 10:01 am
ekta sachdeva says:
I have started using this 2 way security but my phone is out of order now and because of this I am not able to use my Gmail as well.
Please suggest to break this.
Ekta
December 22, 2011 — 9:30 am
Evan Kline says:
Hi Ekta. Did you print out the backup passwords? If so, you could use those to log in, and then disable 2 factor authentication. Also, if you previously logged into a computer and set it to not require authentication for 30 days, you could get into your account that way and disable authentication.
January 5, 2012 — 11:03 am
Anderson says:
Getting messages on a cell takes time, and sometimes the network is not there, then too you have to wait ages.
October 8, 2012 — 6:59 am