How-To: Gmail Tip on Two Factor Authentication

Your email is the skeleton key to your online identity. When you lose control of your email to a hacker – not if, but when you lose control of your email to a hacker – the situation is dire. Email is a one stop shop for online identity theft. You should start thinking of security for your email as roughly equivalent to the sort of security you’d want on your bank account. It’s exceedingly close to that in practice.

The good news, at least if you use GMail, is that you can make your email virtually hacker-proof today, provided you own a cell phone. The fancy geek technical term for this is two factor authentication, but that doesn’t matter right now. What matters is that until you turn this on, your email is vulnerable. So let’s get started. Not tomorrow. Not next week.

Go to your Google Account Settings

Google-account-settings

Make sure you’re logged in. Expand the little drop-down user info panel at the top right of most Google pages. From here, click “Account” to view your account settings.

Google-enable-two-factor-auth

On the account settings page, click “edit” next to 2-step verification and turn it on.

Have Your Cell Phone Ready

GMail will walk you through the next few steps. You just need a telephone that can receive SMS text messages. Enter the numeric code sent through the text message to proceed.

 

Now Log In With Your Password and a PIN

Now your password alone is no longer enough to access your email.

Google-two-factor-login

Once this is enabled, accessing your email always requires the password, and a code delivered via your cell phone. (You can check the “remember me for 30 days on this device” check box so you don’t have to do this every time.) With this in place, even if they discover your super sekrit email password, would-be hackers can’t do anything useful with it! To access your email, they’d need to somehow gain control of your cell phone, too. I can’t see that happening unless you’re in some sort of hostage situation, and at that point I think email security is the least of your problems.

What If I Lose My Cell Phone?

Your cell phone isn’t the only way to get the secondary PIN you need to access your email. On the account page there are multiple ways to generate verification codes, including adding a secondary backup phone number, and downloading mobile applications that can generate verification codes without a text message (but that requires a smart phone, naturally).

Google-backup-email-codes

This also includes the never-fails-always-works option: printing out the single-use backup verification codes on a piece of paper. Go do this now. Right now! And keep those backup codes with you at all times. Put them in your wallet, purse, man-purse, or whatever it is that travels with you most often when you get out of bed.

Backup-verification-codes

What About Apps That Access Email?

Applications or websites that access your email, and thus necessarily store your email address and password, are also affected. They have no idea that they now need to enter a PIN, too, so they’ll all be broken. You’ll need to generate app-specific passwords for your email. To do that, visit the accounts page.

Google-enabling-apps

Click on authorizing applications & sites, then enter a name for the application and click the Generate Password button.

Google-generated-app-password

Let me be clear about this, because it can be confusing: enter that specially generated password in the application, not your master email password.

This effectively creates a list of passwords specific to each application. So you can see the date each one was last used, and revoke each app’s permission to touch your email individually as necessary without ever revealing your primary email password to any application, ever.

Credit: Jeff Hatwood of Coding Horror

 

Comments are closed.