Google had announced two-step verification for some of its Google Apps accounts back in September 2010. Now it is rolling out this extra security feature for all Gmail users. This is a good step as it means two sets of verification instead of just one which is the password.
The second verification step will be a code sent through a SMS on your phone. It is highly unlike for a hacker to be in possession of both your password and your phone, so this security measure will be almost foolproof.
- Once you sign-in to your Google Account, just look up Account settings page.
- Here there is a new link to enable 2-Step verification (as seen in image above).
- Here you will be prompted to enter your mobile phone number and a verification code sent. From then on you need to use your password and also the verification code.
- A feature to remember your code for 30 days is also available.
Why is 2-step verification better?
Most people will be happy with just a password as their security. But now a days it’s not just your email that is managed with a google account. We have photos, access to various apps and so many other important services with Google that having 2 step verification is a much desired feature.
What are your views on 2-step verification with Google? Will you opt for it, especially for accounts which are linked to Adsense? Do drop in your comments.
Source: Google Blog
9 Comments
I wouldn’t activate this without Google providing an emergency system to bypass the authentication (yes a backdoor).
Why? I might lose the phone, may not be near the phone, phone might be dead, and most IMPORTANTLY: During New Years, Diwali etc. when SMS’es reach 2 hours later, I want to be able to access my E-Mail account!
Example of way out: Google can require accounts to have a 2nd password, that can be entered instead of the phone verification.
Users should use this only as a backup on computer’s they know are safe (home PC’s Not cyber cafe etc.).
You do not need to get verification code every time you sign-in. Its sent once, and either you can carry your phone or write it down or even by heart the code.
No it is not that way.
You need a code Every Sign in. Otherwise there is NO use!
Otherwise: A keylogger/hacker can get both once, and keep logging in.
My bank has a simillar system. Their key is valid for the entire day. Next day I need to generate a new key.
Unless you select :
[[If you like, you can always choose a “Remember verification for this computer for 30 days” option, and you won’t need to re-enter a code for another 30 days.]]
Oops!
Interesting. But still I cannot think of a better way if you want extra security for your google accounts.
As I said. Enable the above feature (Mobile phone code).
AND provide a ‘loop hole’. A second special password, that is supposed to be used by the user ONLY in exceptional circumstances and requires a change within 1 month of first use.
Thus, when the user has a problem accessing his Mobile, and urgently want’s to access his e-mail, he can use this password OVER and Above this normal password.
i.e. a second password.
Also, when user’s use this second password and login, prevent them from performing certain actions. Like delete the account, change the password etc.
Is my code re sent every 30 days?
Yes. The code is resent every 30 days.
For extra security, I decided to add the two way verification to my gmail account. Unfortunately, it seems to have messed up my calendar and contacts syncing. Any ideas?
Thanks