Google's two-step authentication helps you restrict access to your accounts. Normally, you login to a website with your username and password. Without two-step authentication, you're done. Access to your account relies on the strength of your username and password.
With two-step authentication enabled, you'll be prompted to enter a six-digit number after you provide your username and password. Unlike a PIN number for an ATM, this six-digit number changes with every login.
Many sites send a text message to you containing the six-digit number. That's how things work if you've enabled two-step authentication at Facebook, Twitter and LinkedIn as of June 14, 2013. (Follow the links for each service to learn how to enable two-step authentication on each of these widely-used social media sites.) If you use these sites and have a cellphone, I strongly recommend you enable two-step authentication at each service.
Other sites let you use the Google Authenticator app to generate the six-digit number. The app generates a different six-digit number for each connected site, and these numbers change every 30 seconds. With the app, you don't have to wait a few seconds to receive a text message. Here's how to set up and use the Google Authenticator app with your Google account, along with a few other well-known sites.
Doing the two-step
1. Make sure two-step authentication is enabled for your Google account
Before you start using the app, make sure that two-step authentication is enabled and configured for your account. See my August 2012 article, "Secure your Google Account with two-step authentication" for details.
2. Install the app
3. Connect Google Authenticator to your Google AccountLogin to your Google account at http://accounts.google.com. Choose "Security" from the left-side menu, then look for "2-step verification" and click "Edit". You may need to login again.
Connect your Google Authenticator app to your Google account by following the prompts after "How to Connect" a Mobile Application.
The free Google Authenticator app helps secure your Google account.
The process will be similar when you enable 2-step authentication on other sites, and then link your Google Authenticator app with those sites, with these general steps:
- You enable 2-step authentication at the website, and then
- Indicate you want to use your Google Authenticator app to generate codes.
- Next, you use the Google Authenticator app on your phone to scan a code displayed by the website on your computer screen, and then
- The Authenticator app adds the account.
- You enter a six-digit code generated by the Authenticator app to verify that the site and app are linked.
4. Connect Google Authenticator for 2-step authentication at other sites
Many companies have adopted the 2-step authentication process. For many users, discovering how to enable 2-step authentication at each site can be a bit time consuming. So here's a quick guide to a few of the most widely visited sites with which you can use the Google Authenticator app.
Secure your Wordpress.com account by logging in to your account, then choosing "Settings", then "Security". Then enable 2-step authentication with Google Authenticator.
Secure your Wordpress.com account with Google Authenticator.
Yes, you can use Google Authenticator for 2-step authentication of Outlook.com accounts. To enable 2-step authentication at Outlook.com, login, then choose "Account Settings", then "Security info". From this page you can enable 2-step authentication and manage your authenticator apps.
Your Google Authenticator app can help securely access Outlook.com accounts.
Evernote's setup is similar to the others above: login, go to "Account Settings", then choose "Security". From there, you can enable 2-step authentication using Google Authenticator.
Evernote enabled 2-step authentication in May 2013.
Dropbox provides a nicely designed step-by-step process for enabling 2-step authentication. First login to your Dropbox.com account, choosing "Settings", then select the "Security" tab. From there, click the link to enable two-step verification.
Dropbox has a nicely designed step-by-step process that walks users through each step of configuring 2-step authentication.
Finally, if you use the LastPass password manager, I strongly encourage you to secure it using 2-step authentication. Even if you use a very long, obscure password, the LastPass.com data store, if breached, would provide access to all of your passwords for other sites. This is worth securing.
To enable 2-step authentication in LastPass, login, then choose Settings, then select the "Multifactor options" tab. Choose the "Google Authenticator" option, then follow the on-screen instructions.
Your LastPass.com password data store is definitely worth securing with 2-step authentication!
New sites continue to add support for 2-step authentication and the Google Authenticator app every month. While two-step authentication may not protect your data from the U.S. National Security Agency, it will help prevent unauthorized access to your accounts. Enable it wherever possible today.
Andy Wolber helps people understand and leverage technology for social impact. He resides in Ann Arbor, MI with his wife, Liz, and daughter, Katie.