The internet should come with a warning: No matter how secure you try to make an account someone will eventually gain access to it. I'm incredibly careful about where I go and what I do on the internet and I've had it happen—I'm fairly confident most people have experienced a hacked account at least once.
Secure passwords aren't enough anymore, especially in light of phishing attacks that are increasingly common and harder to detect. A secure account needs a second method of authenticating legitimate users, and thankfully most of the larger internet-based companies have made it simple.
Two-factor authentication (which Google calls 2-step verification) is the use of a second step—usually a single-use key or password—along with a password to verify a user's identity. In Google's case the second step can come as a text message, a popup on your phone, through a Google Authenticator app, or from a series of printed single-use codes. It's been several years since we first detailed the steps to turning on two-factor authentication in Google, so here's a refresher.
SEE: There's a new Gmail phishing attack going around, and it's fooling everyone (TechRepublic)
You're only adding a few seconds to your login time by adding two-factor authentication and you're potentially saving yourself a huge headache.
1. Log in to Google
It all starts by logging in to your Google account. Once you do you'll be taken to the My Account page, pictured in Figure A, where you'll see a variety of options. On the left side is a column called Sign-in & Security. Click on the header to be taken to the next screen.
2. The Account Access page
The page (Figure B) that opens is your place for account security. You'll find a bunch of options, like doing an account security checkup, which is definitely a good idea if you're concerned about the state of your Google account.
SEE: Report: 57% of businesses can't find enough IT security pros (TechRepublic)
What we're looking for is the Signing In To Google header—you'll have to scroll down a bit to find it. One of the options under Password & Sign-in Method is 2-Step Verification. Click on that to be taken to the next screen.
3. Setting up 2-step authentication
Click on Get Started (you may have to log in again to see the next screen). You should then see the screen shown in Figure C. It will have your phone number in it if you've already added it to your Google account. If not you can choose any phone number and enter it in the field provided. Click on Try It to continue.
Give Google a minute—sometimes the texts are a little longer than instant. You'll eventually get a message with a six-digit code in it, which you'll put in the space provided, pictured in Figure D. Click next, and that's it!
You'll be prompted to turn on 2-step verification at the next screen (Figure E). Click Turn On and you're done.
Using 2-step authentication
From now on you'll be prompted to enter a six-digit code every time you log into your Google account from a new computer. That includes your phone and other personal devices—you'll need to verify them next time you log in.
Google will send you a text if anyone tries to log in to your account, which makes it a great security tool: Hackers won't get the code and you'll know it's time to change your password since it wasn't you who tried to log in.
- Take the time to walk through the new Google Privacy Checkup (TechRepublic)
- Cybercrime gang uses Google services for malware command and control (ZDNet)
- Google My Activity site reveals all the data that's been collected about your online habits (TechRepublic)
- Best Google Chrome productivity, privacy and security extensions 2017 (ZDNet)
- Google security: you (still) are the weakest link (CBS News)
Brandon Vigliarolo has nothing to disclose. He does not hold investments in the technology companies he covers.
Brandon writes about apps and software for TechRepublic. He's an award-winning feature writer who previously worked as an IT professional and served as an MP in the US Army.