Everyday,
tens of thousands of personal accounts are hacked. Personal information
is compromised, passwords are cracked, and lives are put in jeopardy.
If you ever use one password for multiple accounts, you are
exponentially increasing your vulnerability to being hacked. Thankfully, Google has launched its 2-step verification system: anytime an unknown device is used to sign into your Google account, the user has to provide a verification code in addition to the password.
So it's not enough for hackers to just get your password; they'll also
need physical control of your phone or computer to access your account.
Sign into your Gmail account. Click on a thumbnail of your avatar on the right side of the top menu bar, and then click "Account" to update your settings.
You will land on your Account Settings page. On the left menu bar, click "Security."
In the 2-step verification section, you'll see if you already have 2-step verification turned on. If it says "OFF," click "Edit" to set the feature up.
You'll see a page that briefly walks through the steps of setting up 2-step verification. Hover over the steps for more detail. Once you're ready, click "Start setup."
Type in your cell phone number. This will be the
phone associated with your Google account. Anytime you sign into your
Google account from an unknown device (e.g., a public computer), Google
will send a verification code to your phone and you will need to enter
that before you can sign in.
Select whether you'd like to receive a text message or Google Voice call with your verification code. Press submit. Then wait for the code to arrive to your phone and enter it in.
Decide whether to trust this device. If you are
turning on 2-step verification from a personal computer or trusted
device, check the "trust this device" box. You will only be asked to
enter a verification code when you sign into this account once per 30
days.
Press OK, and you have just set up 2-step verification for your Google account!
Skip any additional steps that seem unfamiliar or confusing for now --
we will address all of them in successive sections of this article.
Print a list of backup verification codes and store it in a secure but accessible place, like your wallet.
If you ever need to sign into your Google account but don't have your
primary phone with you, you can enter one of these codes instead.
Under "How to receive codes," click on the "Show backup codes" link. Print this page.
Application-Specific Passwords:
Understand the need for application-specific passwords. With 2-step verification, Google has you covered every time you sign into your account from a web browser.However, if you use your Google account with other applications, such
as Microsoft Outlook or a mobile device's mail application, those
systems cannot ask you for a verification code. Therefore, you will need
to sign into those systems once with an application-specific
password. You will only need to re-enter an application-specific
password if you choose to reset it and generate a new one for that
device.
Generate application-specific passwords for your devices. Go to your 2-step verification settings page
or click "Edit" next to 2-step verification on the Security Account
Settings page (steps 1-3 above). Scroll down and click on "Manage
application-specific passwords."
At the top of the page, you will see a list of sites,
applications and devices to which you have granted some level of access
to your account. If you allowed a third-party website (e.g.,
LinkedIn, Twitter, Foursquare) to comb your Gmail Contacts to find
friends, for example, you will see that listed. If you use other Google
applications, you will also see those listed. Feel free to revoke access
to any site or program you no longer wish to use
Scroll down to the field at the bottom for entering the name of a device.
Enter in something that will help you remember what this
application-specific password is for -- e.g., Mail App on iPhone, Google
App on iPhone, Chrome Sync, Outlook, Thunderbird, or whatever describes
your application. Click "Generate password".
Open up the application. Go to the settings page
where you enter in your Google Account information. Type in your Google
account name as usual. Now instead of your account password, type in the application-specific password in the password field. You have now granted this application full access to your Google account.
You will only need to enter this password once. There is no need to
write it down or memorize it, and it will not be displayed by Google
again.
Click "Done" on your web browser once you have successfully entered the application-specific password.
If You Lose Your Phone:
If you lose your phone and have 2-step verification turned on, you can
still access your Gmail account. You also can and should follow these
steps to stop strangers from gaining access to your Google accounts.
Revoke your current application-specific passwords.
If you have a smartphone with apps linked to your Google account, they
will automatically be signed out. When you get a new phone, you can
generate new application-specific passwords (see previous section) and
enter them into your new devices.
If you get phone and change your phone number, be sure to revoke access to your previous number on the 2-step verification settings page.