
Google's 2-Step Verification

Google is offering a new way to protect your data stored on its servers (e.g. the Google Cloud). The new service is called "2-step Verification". It's not radically new, but it does make it harder for a criminal to steal your account. Google has been offering this service for several months to its business customers and is now rolling it out to its regular users.

Weak passwords are the bane of any secure system. By using what is commonly known in the security realm as "multi-factor authentication", you can greatly increase system security. Multi-factor authentication works by requiring a person to have two or more ways of authenticating themselves (proving who they really are), drawn from:

  • Something you know (e.g. password)
  • Something you are (e.g. biometrics)
  • Something you have (e.g. a token)

Google's "2-step Verification" is a multi-factor authentication process that combines something you know (e.g. your password) with something you have (e.g. a token). In the case of Google, the token can be your phone (landline or mobile). If you have a smartphone or similar device, such as an Android, BlackBerry, iPhone, iPod Touch, or iPad, there's an authenticator application available for those platforms.

During the setup process, you will be given 10 backup codes that you can use to authenticate in case you lose your phone or don't have access to the secondary backup phone number you set up (which receives codes via a text message or an automated voice message).

After you enable this feature, when you log into a Google service (such as: Gmail, Google Docs, Picasa, etc.), you will have to enter your standard username and password, then you will be prompted with a screen to enter your verification code.  There is an option to remember a computer for 30 days so you don’t have to re-authenticate for that period.

For any of your non-Google or non-browser-based applications (such as a third-party e-mail client [e.g. Outlook], IM client, etc.), you can set up one-time application-specific passwords. Until these programs become "Google Authenticator" aware, this is the only way around this security enhancement.

To enable this feature, go to the Google Accounts page, then click the “Using 2-step verification” link.  Follow the setup process and it will walk you through the initial configuration.  It will take a few minutes to complete the configuration process, so take your time and do it correctly.