How to set up Google’s two-factor authentication

We introduced two-factor authentication, or two-step authentication as Google calls it, and explained why it is necessary.

Here is how you set it up for Google’s services, email in particular:

Step 1

1. Start on this page.

2. Click on “Get Started”.

You will be asked to log in using your user name and password.

3. If you haven’t done this already, you will be asked automatically to enable account recovery via SMS and secondary email address.

 

 

4. Go to https://www.google.com/settings/security and click on the Edit button near “Status: OFF”.

5. You should be on this page: https://accounts.google.com/b/0/SmsAuthLanding

6. Click on Start Setup and follow the steps. Make sure you have your mobile phone at hand.

7. After you receive the SMS, make sure that you mark your computer as trusted.

8. Do this only for your own computer, and don’t do it on other computers that you can’t always control.

 

9. Last, confirm that you want to enable it. Don’t forget to click on that button, otherwise Google will not activate the service and you’ll have to start from the beginning again.

 

 

Step 2

Now comes the more interesting part. Not only humans have to pass the two steps in the authentication process, but applications too. This means that any application that uses a Google service like Gmail, YouTube, Docs and others will need to be authenticated using two steps.

Save this URL (https://accounts.google.com/b/0/IssuedAuthSubTokens) in your browser’s bookmarks, because from now on you will need it often until you have set up all your applications on all your devices. If you are like me and read email on an Android tablet, an iPad, an iPhone and two laptops with standard email clients, and you allow some online applications to work with your email, you will need it quite often at the beginning.

 

 

If you want to use email programs like Outlook, Apple Mail or Thunderbird, you need to give them the newly generated passwords.

To use these programs, you first need to generate an application-specific password. If you don’t do this, you will no longer be able to read emails using those applications.

As soon as you generate the new password, enter it in the password field of your application instead of the regular password you use to access your Google account. You must create a new application-specific password for each application that needs one.

 

What happens if you don’t have access to your mobile phone?

Google decided to use a method previously used by banks but abandoned in favor of SMSes sent to mobile phones: Transaction Numbers (TANs).

By accessing “Backup codes” you can print such a list of codes and always keep it with you, just in case you don’t have your mobile phone or you don’t have network coverage.

 

Sorin Mustaca

IT Security Expert

via Avira – TechBlog http://techblog.avira.com/2013/01/08/how-to-set-up-googles-two-factor-authentication/en/



1 Comment on "How to set up Google’s two-factor authentication"

  1. This method is good if the user makes all the steps, but how many users print a list with one-time-use numbers (Transaction Numbers (TANs))?

    If such a user (who doesn’t save that list) loses his phone (or his phone was stolen, or he changed his phone number and did not update his Gmail data)… he has very little chance to recover his email.
