Recently Google announced the availability of two-factor authentication on accounts. Two-factor authentication makes your account much more secure by requiring two methods of authentication, one of them being your normal password; a stolen password on its own is no longer enough to log in. The second “factor” with Google is either a code from your mobile phone or one of the backup, one-time codes generated when you enable the service. Google gives you ten single-use backup codes in a printable, wallet-sized card format. If you can’t get to the internet or lose your smartphone, you have a backup in your wallet or fire safe.
Once two-factor authentication is enabled you still log in to your Google account normally with your password, but you will also be asked for the second factor; on a computer you trust you can choose to be asked for it only once every 30 days.
This is great news, but in cryptic Google fashion it’s almost impossible to figure out how to do this on your account. The first thing they failed to mention is that two-factor authentication is being phased in slowly, so not everybody can enable it yet. Secondly, their user interface for even finding two-factor authentication is horrendous. We’ll try to make it as easy as possible for you.
Here’s the step-by-step breakdown:
1. Download and install the Google Authenticator app for your smartphone: Android, BlackBerry, iOS
All you need to do is install the app. The Android version will also require the free Barcode Scanner app from ZXing (which is tremendously useful in its own right); it is what reads the QR code in step 3.
2. Visit the SMSAuthConfig page from Google
This is where you find out whether two-factor authentication is available for your Google account yet. If not, try again in a couple of days; they seem to be rolling it out pretty quickly.
3. Use the smartphone app to scan the provided QR code
Once you open the Google Authenticator app, scan the QR code Google shows you. The QR code carries the shared secret for your account; from that secret and the phone’s clock the app derives a fresh six-digit verification code every 30 seconds, with no network connection needed. Type the current code into the page to prove the pairing worked. Easy-peasy. Because the code depends on the clock, make sure the phone sets its time automatically: a clock that is minutes off produces codes Google will reject.
4. Print your backup codes
This may seem trivial, but it could be the difference between a happy day and a nightmare of losing access to your Google account. Don’t be lazy. Print them out, cut them out, and stick them in your wallet or glovebox or something. Each code works exactly once, and anyone holding the card can use them in place of your phone, so treat it like a spare house key rather than a scrap of paper.
5. Set up backup authentication via SMS
In the next step you can enter a telephone number for SMS. If you ever lose your phone (and the app’s key with it), you can have Google text a code to this number instead. Again, don’t be lazy! Set this up now to avoid heartache down the line. To set it up, put your number in the box and click “send”, then type in the code they text you. Simple. Keep in mind that this number is now a recovery path into your account: keep it current, and remove it if you ever give the number up.
6. Set up application-specific passwords
Some Google applications and third-party clients (mail clients speaking IMAP or POP, for instance, and older mobile apps) don’t honor two-factor authentication seamlessly, because they have no way to ask you for a code. No problem: you can generate application-specific passwords for those apps. Each one is a random password that only works for signing in through that client, and you can revoke any of them individually without touching your main password. It’s easier done than said. Once you turn on two-factor authentication in the final step, you’ll be logged out of your Google account. Log back in using your normal password and your new second factor (the number generated by your smartphone). It will tell you that you may need to create application-specific passwords. The first app I had to do that for was my mobile Gmail.
For the first app, I typed in the name “Android”. It then generated a password for that application. No need to memorize it; you just cut and paste it into the app when prompted for authentication. For my mobile Gmail, I had to type it in one time and now it works seamlessly.
If you later need to authorize another application that doesn’t recognize two-factor authentication, you can get back to this page by going to your Google Account page and clicking “Authorizing applications & sites” under “Security”.
In case you were wondering, I can verify that the Google Authenticator smartphone app does handle multiple Google accounts without any issues. When you pull up the screen, it delineates your accounts and the specific keys for them very clearly.
That should be it. You can choose to be prompted every 30 days on a trusted computer, or every single time you log in, depending on how paranoid or security-conscious you are.
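To show what actually happens behind step 3 (and why the app keeps working with no network connection), here is an added example, not code from the original post or from Google: a pure-Python TOTP implementation (RFC 6238, which is the algorithm Google Authenticator uses) that parses the kind of otpauth:// URI an enrollment QR code carries, derives the six-digit code the phone displays, and, on the server side, checks a submitted code with a small clock-drift window and replay rejection. The URI, account name and secret below are constructed for illustration (the secret is the RFC 6238 test key), not real credentials.

```python
# Added example (not Google's code): the TOTP algorithm behind Google
# Authenticator (RFC 6238: HMAC-SHA1, 30-second steps, 6 digits).
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, unquote, urlparse

# Constructed sample of the URI an enrollment QR code carries. The account
# name is made up and the secret is the RFC 6238 test key
# "12345678901234567890" in base32, NOT a real account secret.
SAMPLE_OTPAUTH_URI = (
    "otpauth://totp/Google%3Aalice%40example.com"
    "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Google"
)


def parse_otpauth(uri):
    """Return label, raw secret bytes, digit count and period from an
    otpauth://totp/ URI, which is what the app decodes from the QR code."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("not a TOTP otpauth URI")
    params = parse_qs(parsed.query)
    secret_b32 = params["secret"][0].strip().upper().replace(" ", "")
    # QR payloads usually omit base32 padding; b32decode insists on it.
    secret_b32 += "=" * (-len(secret_b32) % 8)
    return {
        "label": unquote(parsed.path.lstrip("/")),
        "secret": base64.b32decode(secret_b32),
        "digits": int(params.get("digits", ["6"])[0]),
        "period": int(params.get("period", ["30"])[0]),
    }


def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the big-endian counter, then dynamic
    truncation to a 31-bit integer, then the last `digits` decimal digits."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, at=None, period=30, digits=6):
    """RFC 6238: HOTP with the counter set to the current 30-second step.
    This is the number the phone displays; it needs only the secret and a
    correct clock, never the network."""
    if at is None:
        at = time.time()
    return hotp(secret, int(at) // period, digits)


class TotpVerifier:
    """Server-side check. Accepts the current step plus `window` steps on
    either side to tolerate clock drift, compares in constant time, and
    refuses any step at or before the last one accepted, so a code someone
    observed you typing cannot be replayed within the window."""

    def __init__(self, secret, period=30, digits=6, window=1):
        self.secret = secret
        self.period = period
        self.digits = digits
        self.window = window
        self.last_step = -1  # assumption: fresh enrollment, nothing used yet

    def verify(self, submitted, at=None):
        # Reject malformed input before comparing; compare_digest wants ASCII.
        if len(submitted) != self.digits or not submitted.isascii():
            return False
        if at is None:
            at = time.time()
        now = int(at) // self.period
        for step in range(now - self.window, now + self.window + 1):
            expected = hotp(self.secret, step, self.digits)
            if hmac.compare_digest(expected, submitted) and step > self.last_step:
                self.last_step = step
                return True
        return False


if __name__ == "__main__":
    enrollment = parse_otpauth(SAMPLE_OTPAUTH_URI)
    print("account:", enrollment["label"])
    print("code right now:", totp(enrollment["secret"]))
```

Two things this makes concrete: the phone and Google share nothing but the secret and the time, which is why the app needs no connectivity but does need an accurate clock; and on the accepting side a code must be treated as single-use, otherwise the one-minute drift window becomes a replay window.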
Enjoy your new, super-secure Google account!