Google's Two factor Authentication

Google accounts these days link up to a lot more than just your email. Calendars, contacts and Google drive to name just a few. For developers your Google account may also be the gateway to accessing information about your web site through services like analytics, not to mention your email which is often the key to gaining access to accounts with other companies, like domains or hosting. If keeping these accounts and data safe is something you take seriously, then Google's two step verification process might be just for you. 

What is Google Two Step Verification?

Google two step verification (also known as two factor) is a prevention measure against your password being stolen and used to access your account. The system works by asking for a second level of security in the form of a code that will be sent to your phone via text, voice call, or using a mobile app. 

Do I have to do this on every device?

No, Google gives you the option to disable the two step authentication on specific devices, meaning you can save yourself the hassle when you're at home or on a known, secure device and network. 

What if my phone gets stolen?

Don't worry - it's all been thought through! During the setup process you can setup backup telephone numbers (mobile or landline) as well as one-time use backup codes that you can print or store on a secure drive. 

How do I set it up?

  • Before getting started, it's recommend you follow these steps on a device you want to use as 'trusted', i.e. won't be asking for a verification code every time.
  • Visit the Google information page and click 'Get Started' followed by 'Start Setup'.
  • Choose the method you would like to use to recieve the codes and enter your telephone number to confirm. This will send you a code you can use to proceed to the next step.
  • Google will then recommend that you use the current device as 'trusted' meaning it will only ask for the password every 30 days (useful if your phone gets stolen!).
  • Click to confirm.

Now that you're setup, login (re-confirm) and create a backup telephone number incase your phone is lost or stolen. You can also print or store several backup codes for one-time use (make sure you store these somewhere secure!). These steps will ensure you don't get locked out of your account. You also might want to consider switching to the app rather than using text messages as this will work even if your phone has limited connectivitiy. 

I can't access my account on any of my apps!

Now that you're setup with two-step verification you may notice some of your apps or services like webmail stop working on your devices (e.g. webmail on your tablet). To set these up there's an App-Specific password tab on the 2-step verification settings page that you can use to generate passwords for applications that aren't compatible with 2-step verification. These passwords are designed to be entered once into your application so you don't need to memorise them.


Google can't enable 2-step verification because your administrator has not enabled it...

"Please contact your domain administrator to enable 2-step verification for through the Google Apps administrator control panel."

Because I'm using Google Business Apps my account technically has an administrator, even though this is also me. So to use certain features like two step authentication I first have to enable it. To do this follow these steps:

  • Go to the admin console and login
  • Go to the security option (you may need to click 'More Controls' at the bottom
  • Click on 'Basic Settings' 
  • Check the box 'Allow users to turn on 2-step verification'
  • Click 'Save Changes'
Sign Up
comments powered by Disqus

Popular Tags

Need a web developer?

If you'd like to work with code synthesis on your next project get in touch via the contact page.