
Secure Your Gmail Account With Two-Factor Authentication


Have you ever worried that your email account was hacked? I had a scare recently that turned out to be unfounded, but it got me looking into ways to further secure my Gmail account. I had heard of Gmail’s two-factor authentication before, but had only dabbled in it. I now have two-factor authentication activated on both of my accounts, and it is pretty unobtrusive, and adds significant security to my account.

Two-factor authentication depends on you entering a verification code when you log in, in addition to your normal password. When you activate two-factor authentication in your Google account settings, you will need to decide how you will receive this verification code. I use Google Authenticator, an official Google Android app that provides a unique code that is replaced every 30 seconds. The Authenticator app is also available on iPhone or Android, or you can choose to receive the code by text message or phone call. You can only receive the code using one of the methods, however. If you decide you want to try a different method, you must change a setting in your Google account.

So how does it work in practice? When I try to sign in to Gmail, I’m prompted not only for my password, but also for the verification code. You can check a box if you want to exempt that device from requiring the code for the next 30 days.


I then pull out my phone, and open the Authenticator app. The app is simple, and presents you with one code for each Gmail account that you use (and for which you’ve activated two-factor authentication).


Take the six-digit code that appears, and enter it into the Verification Code box on the page where you were trying to log in. You can then sign in as you normally would.

If you’re worried about what might happen if you lose your phone, Google has you covered. From your account, you can print out a list of one-time verification codes, and store them somewhere safe. Those codes will work one time, and one time only, but that should at least be enough to allow you to log into your account and change your default method of receiving your code.

For apps that don’t allow you to input a code, such as Reeder on the Mac or iPad, you can sign in to your Google account and generate an application-specific password. You then use that password instead of your normal Google password with the app in question, and it will work for that app, and that app only.

One aspect of the service I don’t understand is how the Authenticator app works without data service. If any of you security gurus know, sound off in the comments. I presume that it either hashes a code, or generates a list of codes every time that it gets a data connection, but those are just guesses.

The only glitch I found with two-factor authentication occurred when setting up iCal on my Mac. I use WebDav to set up multiple Google accounts in iCal, and got bombarded with password requests after activating two-factor authentication. I suspect I just need to take my time, and methodically create an application-specific password for each prompt, but I’m not sure.

Have you tried two-factor authentication? If not, why not?

 


About Evan Kline

Evan started 40Tech to write about tech from his perspective – that of the average 40-something tech geek. When not writing about tech, you might find him with his beautiful wife and baby girl, out on the ski slopes, at his real-life job as a lawyer, over on Google+, or scrounging for followers on his personal Twitter account after years of focusing on the 40Tech account.

10 Responses to Secure Your Gmail Account With Two-Factor Authentication

  1. What a great info, I will definitely use it. thank you dear! I was wondering when they will make something like this.

  2. I wonder if it would be possible to use Bluetooth pairing to do this sort of thing automatically? You’d have to enter the normal password, and Google would need to sense the presence of your phone.

    I’m not that well versed in Bluetooth communication, though, so I don’t know if that is feasible.

  3. This post really gives us great info and definitely, I learned a lot from this because my Gmail account was hacked by an unknown person. This review would really mean a lot for me to solve my problems to secure important messages on my account.

  4. I don’t need to activate such a feature. First of all I have a very complex and random password that nobody can ever crack and second, I don’t know if I want to go through additional trouble just to log in to my Gmail account.

  5. Cristian- Your very complex and random password is no match for a key logger or if you encounter a sophisticated phishing attack when you aren’t paying 100% attention.

  6. I have started using this 2 way security but my phone is out of order now and because of this I am not able to use my Gmail as well.

    Please suggest to break this.

    Ekta

    • Hi Ekta. Did you print out the backup passwords? If so, you could use that to log in, and then disable 2 factor authentication. Also, if you previously logged into a computer and set it to not require authentication for 30 days, you could get into your account that way and disable authentication.

  7. Getting messages on a cell takes time, and sometimes the network is not there; then too you have to wait ages.

Trackbacks/Pingbacks

  1. Make Your LastPass Account Uncrackable: LastPass Adds Support for Google Authenticator | 40Tech - November 5, 2011

    [...] a user to present a second form of confirmation before being able to log in to an account. We previously wrote about how, for Google accounts, that second form of authentication can come via a one-time code generated [...]
