Protect your Gmail account with Two-Factor Authentication

An email account is a sensitive treasure that needs to be protected, and users are in constant trouble keeping it safe and sound: sometimes their passwords are lost, other times they are stolen, and you start hearing people with scenarios like “my emails are gone” or “someone is sending emails as me”. Having a super-strong password of 13 or more characters is not enough these days. As users, we have to be responsible for our email accounts and make sure they are protected with every security feature available; there are dangers everywhere, and they will attempt to hurt your account badly. The damage may not stop at stolen (or altered) personal data; it could be bigger than that, like secret company information being leaked (business strategies, test plans, potential customers or the plans for a superb product), so you may lose your job and bring down a market opportunity at the same time.

So, what is Two-Factor Authentication? It is a two-stage verification of your identity as the owner of a certain service, for instance an email account or VPN access. The procedure varies from one service provider to another, but for our example Google offers a simple approach: your password plus a verification passcode generated by the mobile app Google Authenticator (available on Google Play and the Apple App Store). The app generates the 6-digit passcode required for the second stage of the verification, with a new code every 30 seconds; expired passcodes are automatically treated as invalid, so a new one must be used. Alternatively, you can choose to receive the passcode via SMS, which doesn’t expire, but if you have no signal or no roaming, the two-factor authentication may block your access. If you still want this approach and need to go somewhere without mobile coverage, you can request passcodes manually and write them on a piece of paper, which is so easy to lose… now you see why I prefer the mobile app for this.

Note: This guide works both for normal Gmail users and for accounts provided through Google Apps on a third-party domain. Additional configuration is required for third-party Gmail accounts: the Two-Factor Authentication feature must be enabled by the Google Apps administrator.


Step 1. Start your gmail session as usual

Just start your normal gmail session at http://gmail.com


Step 2. Open the security options on your “Account” Page

Once your session is ready, click on your profile picture at the top right of your screen, then click on “Account”.

Example of gmail Profile

Then, at the top of the screen, click on Security:


Security Tab


Step 3: Start the 2-Step Authentication Setup

Once on the security screen, click on Setup, like this:

Start 2-Factor Authentication

After this, Google will display some valuable information about Two-Factor Authentication, pretty much the same explanation as my introduction. Click on Start Setup:

Get Started Page

Now you have to register a phone on your account. Google requires this in order to validate your ownership of the email account and establish a primary channel for the Two-Factor Authentication. For now, your phone will receive an SMS or a voice call with a passcode that you need in order to continue from this page:

setphone

Once you set a valid phone, click on Send Code and the following page will appear:

Received Code


You need to enter the code that you receive via SMS or voice call, then click Verify. If no code is received within 15 minutes, click the link Didn’t get the code? and Google will generate and send another code to you.

Once your code is verified the following screen will appear:

Trust this computer

This is really important: if you check the box, Google won’t ask you for the verification code on this computer, since it is your trusted PC (private use). For 30 days you can bypass the Two-Factor Authentication on that machine only; if you open a session on another computer, or after 30 days on the same machine, the passcode will be required. You must be extremely cautious and not designate every machine as trusted; you need to keep control of which computers are your trusted ones.

Note: This “Trusted Machine” feature applies to the second-stage verification only; your account password is still required.

After clicking Next, you will see the following:

explanation

At this moment, the Two-Factor Authentication will be enabled as soon as you click the Confirm button, but it will use SMS or a voice call by default, so if you have no signal coverage, or don’t even have your phone, you won’t be able to start a session. Now, keep calm and continue reading. Once you click Confirm, you will see the following screen:

options Available for authentication


This page indicates which channel is set for the verification, by default a phone call or an SMS. Now let’s activate the Google Authenticator app: click on the button Switch to app:

Choose iPhone, Android or BlackBerry


Choose the OS of your smartphone, then…

qrread

This screen will be displayed with a QR picture in the middle. At this point you should have Google Authenticator installed on your device; open the app and tap the plus (+) symbol at the bottom of the screen, like this:

Add a new Entry

If you don’t have other entries, like me, the app will open directly into this screen:

Add an entry

Once you reach that screen, tap the Scan Barcode button. That will open your rear camera, and you have to align the reticle with the QR picture on your screen, like this:

scanQR

The app will focus your camera automatically. Once the QR is scanned, the entry will appear on the main screen of the app, like this:

Some Examples

Take a few moments to customize your entries; you can add labels to each one just to keep things in order. On this screen, the app generates a new code every 30 seconds, after which the old code is completely invalid for Google, so be quick in this section.

Now, back on your computer, grab a code from your Google Authenticator and type it into the verification field at the bottom of the screen:

qrread

Remember, you have 30 seconds to enter the code, then click Verify and Save. If the form says that the code is invalid, you will have to grab a new one. Finally, once the app is verified, you will see this screen:

All done


You can close your session at this point or go back to gmail.com. From this point on, if you start a Gmail session on any other machine, Google will display the following screen:

Two-Factor Authentication in Action

Once this screen appears, grab your mobile, open Google Authenticator and copy the verification code while it is still valid, within its 30 seconds. If you want, you can “trust” the computer for 30 days (private-use computers only, please) just to speed things up.

Now your Gmail account is protected with an additional security layer: even if you lose your password (or it is stolen), compromising your account would also require the authentication passcode, which is only generated on your mobile… so DO NOT LOSE YOUR MOBILE.
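The passcode mechanism described in the introduction and in the 30-second note above (a 6-digit code that changes every 30 seconds and is rejected once it has expired) is time-based one-time passwords, TOTP, as specified in RFC 6238 on top of HOTP from RFC 4226. The following is an added example, not code from this post or from Google; it uses the RFC 6238 reference secret as a constructed demo key, and the ±1-step acceptance window in `verify` is a common server-side choice for clock skew, not something the post states about Google’s implementation.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed demo secret, base32-encoded the way it is carried in the QR
# code that Google Authenticator scans. It is the RFC 6238 reference secret
# "12345678901234567890", chosen so results can be checked against the RFC's
# published test vectors. Never reuse it for a real account.
DEMO_SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()

STEP_SECONDS = 30   # lifetime of one code, as the post describes
DIGITS = 6          # Google Authenticator shows 6-digit codes


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
    dynamically truncated to a `digits`-long decimal string."""
    msg = struct.pack(">Q", counter)
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret_b32: str, at_time: float, step: int = STEP_SECONDS) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step), so a new
    value appears every `step` seconds, matching the app's behaviour."""
    secret = base64.b32decode(secret_b32, casefold=True)
    return hotp(secret, int(at_time) // step)


def seconds_remaining(at_time: float, step: int = STEP_SECONDS) -> int:
    """How long the code shown at `at_time` stays current (the countdown the
    app displays next to each entry)."""
    return step - (int(at_time) % step)


def verify(secret_b32: str, submitted: str, now: float,
           step: int = STEP_SECONDS, window: int = 1) -> bool:
    """Server-side check (assumed design, not Google's actual code): accept
    the current step plus `window` steps on either side to absorb clock skew;
    anything older is expired and rejected. Constant-time comparison avoids
    leaking partial matches through timing."""
    if len(submitted) != DIGITS or not submitted.isdigit():
        return False
    secret = base64.b32decode(secret_b32, casefold=True)
    current = int(now) // step
    for offset in range(-window, window + 1):
        if hmac.compare_digest(hotp(secret, current + offset), submitted):
            return True
    return False


if __name__ == "__main__":
    now = time.time()
    code = totp(DEMO_SECRET_B32, now)
    print(f"code {code} is valid for another {seconds_remaining(now)}s")
    print("accepted now:", verify(DEMO_SECRET_B32, code, now))
    # The same code 90 seconds later lies outside the window: rejected.
    print("accepted 90s later:", verify(DEMO_SECRET_B32, code, now + 90))
```

Two things worth noticing when you run it: the code depends only on the shared secret and the current time, which is why the app works with no network coverage at all, and why a phone with a badly drifted clock produces codes the server will refuse; and the secret inside the QR picture is the whole second factor, so anyone who photographs that screen during setup can generate the same codes, which is why the post tells you to do this on a private machine.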


Carlos Alberto Umanzor Arguedas

Web Developer at carlosumanzor.com
Web Developer, QA Engineer and Gamer Enthusiast, Developer of Linkcrawler and Father of a future computer ninja.
