How to set up Google’s two-factor authentication

We introduced two-factor authentication, or two-step authentication as Google calls it, and explained why it is necessary.

Here is how you do this for Google’s services, email in particular:

Step 1

1. Start on this page.

2. Click on the “Get Started” button.

You will be asked to log in using your user name and password.

3. If you haven’t done this already, you will be asked automatically to enable account recovery via SMS and secondary email address.

4. Go to https://www.google.com/settings/security and click on the Edit button near “Status: OFF”

5. You should be on this page: https://accounts.google.com/b/0/SmsAuthLanding

6. Click on Start Setup and follow the steps. Make sure you have your mobile phone at hand.

7. After you receive the SMS, make sure that you mark your computer as trusted.

8. Do this only for your own computer; don’t do it on other computers that you can’t always control.

9. Last, confirm that you want to enable it. Don’t forget to click on that button, otherwise Google will not activate the service and you’ll have to start from the beginning again.

Step 2

Now comes the more interesting part. Not only humans have to pass the two steps of the authentication process, but applications as well. This means that any application that uses a Google service such as Gmail, YouTube, Docs and others will need to be authenticated using two steps.

Save this URL (https://accounts.google.com/b/0/IssuedAuthSubTokens) in your browser’s bookmarks, because from now on you will need it often until you have set up all your applications on all your devices. If you are like me and read email on an Android tablet, an iPad, an iPhone and two laptops with standard email clients, and you allow some online applications to work with your email, you will need this quite often at the beginning.

If you want to use email programs like Outlook, Apple Mail or Thunderbird, you need to give them the newly generated passwords.

To use these programs, you first need to generate an application-specific password. If you don’t do this, you will no longer be able to read emails using those applications.

As soon as you generate the new password, enter it in the password field of your application instead of the regular password you use to access your Google account. You must create a new application-specific password for each application that needs one.

What happens if you don’t have access to your mobile phone?

Google decided to use a method previously used by banks but abandoned in favor of SMSes sent to mobile phones: Transaction Numbers (TANs).

By accessing the “Backup codes” section, you can print such a list of codes and always keep it with you, just in case you don’t have your mobile phone or you don’t have network coverage.

Sorin Mustaca

IT Security Expert