How to set up Google’s two-factor authentication

We introduced two-factor authentication, or two-step authentication as Google calls it, and explained why it is necessary.


Here is how you do this for Google’s services, email in particular:



Step 1

1. Start on this page.

2. Click on “Get Started”.

You will be asked to log in using your user name and password.

3. If you haven’t done this already, you will be asked automatically to enable account recovery via SMS and secondary email address.



4. Go to and click on the Edit button near “Status: OFF”

5. You should be on this page:

6. Click on Start Setup and follow the steps. Make sure you have your mobile phone at hand.

7. After you receive the SMS, make sure that you mark your computer as trusted.

8. Do this only for your own computer, and don’t do it on other computers that you can’t always control.


9. Last, confirm that you want to enable it. Don’t forget to click on that button, otherwise Google will not activate the service and you’ll have to start from the beginning again.



Step 2

Now comes the more interesting part. Not only humans have to pass the two steps of the authentication process, but applications too. This means that any application that uses a Google service like Gmail, YouTube, Docs and others will need to be authenticated using two steps.

Save this URL ( ) in your browser’s bookmarks, because from now on you will need it often until you have set up all your applications on all your devices. If you are like me and read email on an Android tablet, an iPad, an iPhone and two laptops with standard email clients, and you allow some online applications to work with your email, you will need it quite often at the beginning.



If you want to use email programs like Outlook, Apple Mail or Thunderbird, you need to give them the newly generated passwords.

To use these programs, you first need to generate an application-specific password. If you don’t do this, you will no longer be able to read emails using those applications.

As soon as you generate the new password, enter it in the password field of your application instead of the regular password you use to access your Google account. You must create a new application-specific password for each application that needs one.


What happens if you don’t have access to your mobile phone?

Google decided to use a method previously used by banks but abandoned in favor of SMSes sent to mobile phones: Transaction Numbers (TANs).

By opening “Backup codes” you can print such a list of codes and always keep it with you, in case you don’t have your mobile phone or you don’t have network coverage.


Sorin Mustaca

IT Security Expert

via Avira – TechBlog


1 Comment on "How to set up Google’s two-factor authentication"

  1. This method is good if the user does all the steps, but how many users print a list of one-time-use numbers (Transaction Numbers (TANs))?

    If such a user (who doesn’t save that list) loses his phone (or his phone is stolen, or he changes his phone number and doesn’t update his Gmail data)… he has very little chance of recovering his email.
