Did you know that Google has a much better authentication system than just username and password? If you don’t, here it is. I was surprised so many people don’t know about it, but Google doesn’t advertise it very prominently.
2 Factor Authentication
A normal password is fine, but it only requires one factor besides your user name: the password. This is simply something you know. Therefore if your computer is compromised, or your password is easily guessed, or you just tell the wrong person, access is easily gained!
So let’s add another factor. This factor is something you have. Many companies use small key chain fobs that display a constantly changing number. Only the person with this will be able to gain access because they need their password, and the fob, which gives this other constantly changing code.
Google’s Something(s) you have
In the case of Google, it is a cell phone, a smart phone, or a slip of paper. That makes three ways, and it is one of the most friendly and usable solutions I can think of.
If you want to skip my explanation, check out Google’s video of information here, which tells you just about everything. But I like to write so I’ll continue.
On your account page, look for this and select Other Google Account Settings:
Then look for this part on the next screen:
Select 2-step verification. That is where all the settings live.
How Login Works
Once set up, after you log into GMail, you’re asked for another type of password, a numeric code that is different every 30 seconds. So how would you know that code? Your phone of course.
Doing this sounds painful if you log in often. But fear not, Google will save this permission for 30 days if you check a box when logging in, so you will only do this once a month (unless you clear your cookies).
The Code Choices
The first choice you have is to simply use your cell phone via voice, no text message or smartphone needed. When you log into Google, it will ask for the extra code. Google will call your cell phone and a synthesized voice will give you that code. Therefore, unless someone has your cell phone, nobody can log into your account even if your password is stolen!
That’s pretty good, even an old cell phone (or wired phone if you never travel) will do.
The second choice is to do this via SMS messaging. A message is sent to you via SMS with the code. It costs you an SMS message but as mentioned above you don’t have to do it often.
The third choice is the easiest: there are apps for iOS and Android that will display this code without Google having to send it. So it’s a bit faster if SMS messages take time for you, and this will work even if your phone has no signal.
Rock solid! But wait! There’s more!
What if I have an oopsie?
This one is good. So what if the something you have is no longer something you have? Such as, your phone was stolen, lost, or tossed away!
Here come the backup passwords, and this one is very smart. On the setup page you can display and print a tiny list of ten 8-character passwords. Any of these passwords will work one time to get you logged in. So if you lose your phone, simply use one of these, log in, and set up again on your new phone.
Exceptions, oh well
So Google is great and your account can be used for many things beyond Gmail. However there are gotchas, and one is that not all of Google’s services are smart enough to prompt you for this second step.
For these you generate application-specific passwords. These are 16-character random passwords that work like a normal password. You enter them in the normal way, and you will NOT get prompted for the 2-step code.
Sounds like a hole in the system! Well it’s not so bad because they are pretty strong passwords and can be revoked at any time by you.
You will need this kind of password for mail if you use a cell phone that uses IMAP etc. Google Sync is also one of the services that needs it. You can create as many as you like though.
Do it! Do it now!
So go and enable this! Your mail account can be the keys to the kingdom; it’s more valuable than you may realize. Bank online? Thieves will go try every “forgot my password” option on every bank they can think of! So why not make it hard for them?