Google’s 2-step verification provides an additional layer of account and app protection for your Google products and services. You will sign in with something you know (your password) and something you have (mobile phone). For the benefit of this post, I used an Android device running Jelly Bean 4.1.2.
Google’s 2-step verification works with Android 2.2 upwards. It only works with Google accounts but some apps might support it. Check with the developer if you are unsure if the app supports 2-step verification.
- Head over to the Google Play Store and download Google Authenticator
- Tap ‘Begin setup’ to open the ‘Add an account’ screen
- You have three options – scan a barcode (I use QR Droid) enter a key provided or use a Google account
- I suggest you choose to tap your default Google account – you will now asked to ‘Continue on a computer’
- Then you will need to visit: https://accounts.google.com/security on your computer which will open the ‘Accounts’ screen
- Sign in with your Google credentials (unless you are already logged into Chrome)
- Locate 2-step verification and click > Settings
- Click > Start setup to view the Set up of your mobile phone
- Click > Add a phone number – you have the option of receiving the verification code by SMS text message or voice call. I use the SMS text message option
- Next up you need to verify the mobile you want the code sent too. Enter the six digit code and press > Verify to continue
- If you don’t receive the code just click ‘Didn’t get the code?’ and start again
- Next up, you need to set up a trusted computer/tablet
What happens if you lose your mobile device? You need to setup a trusted computer (your primary computer/tablet), as you don’t want to be asked for a verification code every time you sign in.
- Turn on 2-step verification and click > Confirm – this will add the process to your Google account. This means you will be asked for the verification code when signing in from an untrusted computer/tablet
- You can the verification codes from many sources. I added a backup mobile number. You can also > Show backup codes – I saved this .txt file to my trusted computer
- Mobile application > you will now need to enable this option for your Android device. There are also options for iPhone and BlackBerry. Note: You can only use codes generated on ONE device
Once the Trusted Computer/Tablet is setup you will now be able to receive your codes via the Google Authenticator app
> Tap the app icon to open Authenticator. This will generate a time correction code which is updated every 30 seconds
If you ever have to:
- Update your mobile mobile phone numbers
- Create other backup options
- Turn off 2-step verification
Then you will need to visit: https://accounts.google.com/security
There have been some well documented security concerns with Google’s 2-step verification, but Google is now maintaining some per-session state to identify how you authenticated. The account-settings portal will now only allow you to access security-sensitive settings in the latter case. This is a sensible move by the Google security team.
Safe surfing folks!