Google has made available one of its most intriguing and comprehensive security measures: two-step authentication.
Google announced advanced sign-in security for Google accounts on 10th Feb, 2011 on both the Google Official Blog and the Gmail Blog.
Google two-step authentication is one of the most sophisticated techniques; it involves your account password and a verification code sent to the phone linked to your Google/Gmail account.
So how does the whole process work?
First you need to sign in to your Google/Gmail account via Google Accounts https://www.google.com/accounts/.
Then under Personal Settings > Security, click on Using 2-step verification to turn two-factor or two-step authentication on.

From there, instructions follow on how to turn on two-step authentication.
Set up your phone.
Add backup options in case your phone is unavailable.
Confirm your settings and turn on 2-step verification.
Click on Set Up 2-Step Verification.
This action is followed by the three steps given above.
Set up your phone > Add a backup > Confirm
When you add your phone, you are given the option to select an SMS text message or an automated voice message.
Select either one; a text or call will be placed to your number with the verification code. Enter the verification code and click verify.
Then follow the backup options in case you lose your phone or your phone isn’t available at that time. You are provided with 10 codes that each give you one-time access to your account. Store them in your wallet or vault; don’t make the mistake of keeping a draft in the mail itself. Store them someplace convenient and safe, like some other account, say.
Keep a print of the codes, and better, keep them in your wallet.
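How single-use backup codes like these can work on the server side, as an added example that is not from the original post and is not Google's code. The BackupCodes class, the 8-digit code length and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

CODE_COUNT = 10    # the post says ten backup codes are issued
CODE_DIGITS = 8    # assumption: the post does not state the code length


def _digest(code: str, salt: bytes) -> bytes:
    # Salted, slow hash so a leaked store does not reveal usable codes.
    return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, 100_000)


class BackupCodes:
    """Hypothetical server-side store for one account's backup codes."""

    def __init__(self) -> None:
        self._salt = secrets.token_bytes(16)
        self._unused = []  # digests of codes that have not been redeemed

    def issue(self) -> list:
        """Create a fresh batch; codes from an earlier batch stop working."""
        codes = set()
        while len(codes) < CODE_COUNT:  # a set guarantees ten distinct codes
            codes.add(f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}")
        self._unused = [_digest(c, self._salt) for c in codes]
        return sorted(codes)  # shown to the user once, to print and keep offline

    def redeem(self, submitted: str) -> bool:
        """Accept a code at most once; spaces typed by the user are ignored."""
        candidate = _digest(submitted.replace(" ", ""), self._salt)
        for i, stored in enumerate(self._unused):
            if hmac.compare_digest(candidate, stored):  # constant-time compare
                del self._unused[i]  # single use: burn the code on success
                return True
        return False

    def remaining(self) -> int:
        return len(self._unused)
```

Because only digests are kept, the plaintext codes exist solely on the printout, which is why the storage advice above matters: whoever holds the sheet holds ten logins' worth of second factor.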
Then you are asked to add another number in case the first one is not available. There is an option to verify the phone; it is completely optional. Your second phone is configured.
If you are using services like Gmail Mobile, Desktop Picasa, AdWords etc., Google will prompt you to set Application Specific Passwords because these services don’t use 2-step authentication. Google says, “Application-specific passwords need to be entered only once for each application, and don’t need to be memorized.”
You are almost done. Confirm the phone numbers and that you have printed the backup codes, then click on Turn on 2-step verification. You will be signed out of all devices and services.
Log in again, now using 2-step authentication. Google asks for the password of your account; once the password is entered, Google sends the verification code to your primary number if available. Otherwise it sends the verification code to the secondary phone, and if that is unavailable too, you use the backup codes. There is an option to remember the authentication for 30 days (using cookies).
Once in, what happens next depends on whether you use services like Gmail Mobile. If you do, you are prompted to create Application Specific Passwords. Click on the prompt and you are shown the list of sites that you have given access to your Google Account, and a password generator for specific applications like the Gtalk/Pidgin client, Thunderbird and Gmail Mobile.

Enter the application and generate the password. This password is shown only once, so you must carefully follow the instructions: use the username and this generated application-specific password to sign in to the application for which it was created. In this way, generate passwords for the applications for which 2-step authentication hasn’t yet been turned on and for those which are hardcoded to accept only username/password combinations.
Google probably created this extra security measure in response to the hijacking of user accounts.
Google Two Step Authentication is the Lock for Locks.
