If there is one thing on earth that separates your email account from the hacker next door, it’s the password.
Sure, you can set up a secondary email address or add a mobile number to your Google account for recovering your password in case you forget it. But if someone else manages to guess your Gmail account password and successfully logs into your Google account, the first thing he would do is replace your recovery email with one of his own email addresses and remove the phone number from your Google account settings.
Result: You lose your Google account. Forever!
There are situations when a third party web surfer can guess your Gmail or Google account credentials. Examples:
1. You are checking email from a shared computer but don’t know that the administrator has secretly installed a keylogger script. Someone may be tracking those keystrokes from that public computer and this is one of the reasons why I never check email from any computer which I don’t own. Some more tips on protecting yourself from keylogger programs.
2. You are surfing the web on an unsecured Wi-Fi connection and someone used malicious add-ons like Firesheep to sniff your login data. Here is how to protect your online accounts from password sniffing.
3. You regularly check your email from the office and one of your colleagues might get a sneak peek while you’re typing that password.
4. You use the same common passwords across all the sites, and most of the passwords are so common that they are easily guessable.
The Idea Behind Google’s Two Step Authentication System
Earlier today, Google added an extra layer of security for your Google account, announcing the introduction of a two-factor authentication system for advanced Gmail sign-in security. The new verification system makes your Google account more secure by requiring two independent parameters for account authentication.
A similar authentication system can be seen for online banking accounts, where users need to type their password along with a unique code sent directly to their mobile phone. The idea is simple – if someone manages to guess or crack your password, he won’t be able to log in unless he enters the second verification code sent to your mobile. The only annoyance is that you will have to spend some more time logging in and verifying your identity by entering the verification code sent to your mobile.
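The idea above as a runnable sketch, added here as an illustration and not Google's code: a login check that needs both the password and a fresh one-time code. It assumes the code is a time-based one-time password (RFC 6238), the kind an authenticator app displays; `Account`, `login`, `totp` and the sample secret are hypothetical names and constructed values.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code stays valid (RFC 6238 default)

def totp(secret: bytes, now: float, digits: int = 6) -> str:
    """Time-based one-time password (RFC 6238, HMAC-SHA1)."""
    counter = int(now) // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Account:  # hypothetical server-side record
    def __init__(self, password: str, salt: bytes, totp_secret: bytes):
        self.salt = salt
        self.pw_hash = hash_password(password, salt)
        self.totp_secret = totp_secret
        self.last_step = -1  # newest time step already used for a login

def login(acct: Account, password: str, code: str, now: float) -> bool:
    """Succeed only if BOTH the password and a fresh code are correct."""
    pw_ok = hmac.compare_digest(hash_password(password, acct.salt), acct.pw_hash)
    matched = None
    for drift in (-1, 0, 1):  # tolerate one step of phone clock drift
        t = now + drift * STEP
        if t >= 0 and hmac.compare_digest(
                totp(acct.totp_secret, t).encode(), code.encode()):
            matched = int(t) // STEP
    if not pw_ok or matched is None or matched <= acct.last_step:
        return False  # wrong password, wrong code, or replayed code
    acct.last_step = matched
    return True

if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 6238 test key, not a real secret
    acct = Account("correct horse", b"constructed-salt", secret)
    code = totp(secret, 59)
    print(login(acct, "correct horse", "000000", 59))  # stolen password only
    print(login(acct, "correct horse", code, 59))      # both factors
    print(login(acct, "correct horse", code, 59))      # same code replayed
```

Rejecting a code whose time step was already accepted means a code seen over someone's shoulder cannot be reused inside the same 30-second window.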
How To Setup Google Two Step Authentication System
Here is how to set up Google’s two-factor authentication system and secure your Gmail and Google accounts:
1. Log in to your Google account and go to the “Account settings page”. Then click “Using 2 step authentication”.
Note: You won’t see the 2 step verification link until you have added a mobile number to your Google account and verified its authority.
2. This will take you to a wizard page where you have to add a mobile number to your Google account. This mobile device will be used for the second step of the two step authentication system, i.e. the authentication code will be sent to this device only. So use your own mobile and don’t put in just anyone else’s number (not even your best friend’s).
There are three ways to let Google send the two step verification code to your mobile phone:
- Using the Google Authenticator App for Android, BlackBerry or iPhone.
- Sending an SMS message, works with any mobile phone and not just smartphones.
- A voice call to any phone number, which is useful for those who don’t have a mobile phone yet.
I would prefer using the SMS option because it can be really time consuming to find the Authenticator app and launch it again and again, scanning the QR code and so on.
Using the Google Two Step Authentication For Logging In
When you have successfully activated Google’s two step authentication system, here is how the entire login process works:
You type in the username and password as always. Hitting the “Sign in” button will ask for the second step verification code, as shown below:
If you don’t remember the verification code that’s sent to your mobile or Android device, no need to panic. You can always request a fresh code using the link “Get a new verification code” and let Google send an SMS message to your phone or make a voice call to your landline number.
When you have received the new verification code for login, enter it in the verification box and select the checkbox “Remember verification on this computer”. Choosing the “Remember” setting is entirely optional, but you may want to use it on your home computer if you don’t want to spend too much time logging in with the two step verification code again and again.
For all other computers, e.g. office computers, college or internet parlors, you should not use the “Remember” setting at all. Careful!
Can’t find the “Using two step verification” link in your Google Account settings page? No worries, this feature is slowly being rolled out across all users and the link should appear shortly.
Facebook does not support such enhanced security, but those who always worry about their Facebook account security should set up login alerts for Facebook and receive email notifications when any suspicious activity is recorded.
Google’s two step verification is indeed a nice step towards enhanced Gmail security. Note that this verification system also works for Google Apps accounts, apart from regular Gmail and Google accounts. The Google Apps tutorial will be covered in another upcoming article.