How to set up two-factor authentication on your Google account

Keep your Google account data safe with this essential security feature.

Credit: Derek Walter

Updated 06/21/16: Includes more recent and accurate images, as well as information about Google's new on-phone prompt.

You don’t have to possess a stash of nude selfies in your Google account to know that it’s time to take better precautions against getting hacked.

Two-factor authentication (also called two-step verification) is one of the best weapons you can use against digital thieves. Fortunately, it is rather easy to set up for your Google account, providing an extra layer of security to guard against unwanted access to your stuff.

How it all works

Every time you sign in to your Google account, it will require not only your password (you are using a password manager, right?) but also a second step: a six-digit code delivered by text message or generated by the Google Authenticator app, or an approval from the Google prompt. This way, if someone were to hack your password, they could not gain full account access unless they had your phone.


Don’t let a masked, unshaved criminal into your Google account.

If they have your password and phone, well, you’re probably in greater danger than just having your email exposed.

There will be times when it will be a pain in the neck to type in the code when you just want to quickly access some information. But as an Android user, your Google account is the main hub of your digital life: Gmail, photos, contacts, work files, and Google Play purchases all reside there. Compromising all that data would wreak serious havoc.

Start in your browser

To get going, head to Google’s My Account page and then Sign-in & Security > Signing into Google > 2-Step verification.

You’ll be able to choose among three different second steps: Google prompt, authenticator app, or SMS. For the Google prompt, the app will let you select from any phones you have connected to your Google account.


You can use any phone connected to your Google account as long as some type of screen lock (like fingerprint or PIN) is enabled.

After you add a phone, you’ll need to authenticate it one time. This will give you a preview of how it actually works: you’ll get a push alert (also replicated to Android Wear) to approve your requested entry to your Google account. Approve this request, and then you’re in.


Approve the sign-in request and then you’re off to the races.

Another solid method is the Google Authenticator app. This generates a random code that routinely changes so that no one else could steal or guess it. After you type in your password, you’ll enter the code and then be granted entry to your account.


Google Authenticator spits out codes to let you into your account.

There’s also an Android Wear app, so you can grab a code straight from your watch.

Google makes the Authenticator app for iOS and Android. Some third-party services, like Evernote and Snapchat, also allow you to generate a separate code for entry specifically to their apps when you sign in for the first time.

Finally, there’s the SMS method. Google will send a code via text message to your smartphone, and then you’ll enter that when prompted. 


Select a phone number to receive text messages or voice codes when you want to sign in to your Google account.

Select the prompt for 2-Step Verification, then choose a phone number to receive text codes. If you already connected a number to your Google account it will be the default suggestion. Otherwise, you may add another number.

Add the phone number where you want to receive SMS backup codes.

Then choose to receive the codes as SMS, unless you want to take an automated phone call every time.

The first six-digit verification code will then arrive on your phone. Enter that number on the screen. Next you will be asked to “trust” this computer.

If this is your main machine, select yes so you don’t have to go through the two-step process every time you access a Google service. However, if you switch machines often (or don’t trust your roommate), skip this step.

Print off backup codes

As another safeguard, Google will create a list of one-time codes that you can use in case you are without your phone. Go into your account settings and click the Print or Download button. It then generates a list of ten different eight-digit codes in a small rectangle that can be printed off and saved in a wallet.


Print off backup codes to save in your wallet or save them as a text file.

You can also download them to a text file. Just be sure to save it somewhere you can easily access in the event that you’re locked out of your Google account.

App-specific passwords

If you connect your Google account to a non-Android device, you may need to create an app-specific password. Not all services support two-factor authentication, so Google generates a password that you enter one time only to grant access to your account from apps like email or calendar on iOS.

Get app-specific passwords for other platforms.

In your account settings, select app passwords, and then choose the app and platform from the drop-down menus. You can enter a custom name if you are using a third-party app that isn’t listed.

If you sell a device or no longer use these services, be sure to head back into your security settings and revoke access from those applications.

Taking these steps is well worth whatever short-term inconvenience it may cause. Password and security breaches are an almost daily occurrence, so fire up that two-factor authentication so you don’t become the next victim.

For comprehensive coverage of the Android ecosystem, visit Greenbot.com.
