How-To Geek

Increase Security by Enabling Two-Factor Authentication on Your Google Account

You can easily increase the security of your Google account by enabling two-factor authentication; flip it on today for a free security boost.

It’s not a new feature but it’s a feature worth giving a second look. Watch the above video for a quick overview of Google’s two-factor authentication system. Essentially your mobile phone becomes the second authentication tool–you use your password + a code sent to your phone to log into your account. It’s a great way to easily increase the security of your Google account, it’s free, and you can set it so that you only have to validate your home computer once every 30 days.

Google Two-Step Verification [via Google+]

Jason Fitzpatrick is a warranty-voiding DIYer who spends his days cracking opening cases and wrestling with code so you don't have to. If it can be modded, optimized, repurposed, or torn apart for fun he's interested (and probably already at the workbench taking it apart). You can follow him on if you'd like.

  • Published 11/23/11

Comments (8)

  1. Jim

    by far my fav feature that google offers. have utilized it from the start & really like it. sucks when i change/flash my android phone, but that’s something that was a known con when activating this (having to resetup the google authentication app)

  2. dragonbite

    I set it up after the second time my account was closed for questionable activity. Since then I have not had this issue.

    A couple of days ago my phone rang. Needless to say it was Google passing along their verification code. I wasn’t trying to log in at that time. Now I know somebody, somewhere was trying to log into my Google account!!

    Without this second level, I would not have known, and they would have gotten in.

    Time to change my password again, though, because without that they wouldn’t have gotten that far.

  3. Joe

    This works great…but…if you have the Google Music Manager installed, you can run it, then click on “Go to Google Music”, and then go to Gmail without having to put in a password or the verification code. I hope someone from Google reads this and will look into this issue.

  4. The Unspoken

    I can’t use my phone at my work, I am in the Navy and work in a secure space. This is a great idea. Personally I would purchase a token that has a code that changes every few minutes/seconds with the same concept.

    Great concept though for security.

  5. Johann

    Hopefully more and more sites will start adopting this. And by this I mean the actual Google Authenticator itself, not making their own apps. Lastpass has already adopted it and I have seen some pretty simple python online which allows you to integrate it with your own web logon procedures pretty simply.

    Google also released UNIX PAM modules so you can add even use it for 2-step on your own *NIX servers.

    It’s like being able to add virtual RSA tokens to all your systems for free. Great stuff.

  6. Johann

    @Joe – I’m not sure they can do anything about this. I think all the hard-coded ‘app specific’ passwords let you log in to your whole Google account no matter what client you use. E.g. You could probably use your chat client (e.g. Pidgin) app password to log in to Gmail too if you had one defined.

  7. Vaidya

    What happens when leave my country and go to another country for a couple of months. I may not carry the same phone or may not get the sms even when I am carrying it, may be because of some roaming problem. Is it easy to change the phone number from a given date. Say I am leaving India on 25th Nov I access my mail just before leaving and then change the phone number and then access it only after reaching US. Or alternatively can I deactivate it for a short while.

  8. Johann


    It isn’t SMS based (like Facebook, say) but rather an app for generating Time-based One Time Passwords (TOTP). Effectively the app generates a 6 digit code which rotates every 30 seconds much like a SecurID token you might use for corporate VPN access or online banking does.

    Even if your phone was using another phone number, another SIM or even in airplane mode the codes would still keep in being generated as once seeded they need no link back to Google.

    To authenticate you need both your Google account password and the 6-digit code found on your app, only when both match are you logged on.

    When you turn on 2-step Google also give you a list of emergency (scratch) codes which are one-time codes you may enter at any time instead of the authenticator generated code. You should just keep this in your wallet for those ocasions when you may not have your phone with you. I’ve only ever had to use them once.

    You can also have your browser ‘remember’ you so you do not need to authenticator code for a period of time (30 days I think). this means on your own laptop you only need your password to connect.

More Articles You Might Like

Enter Your Email Here to Get Access for Free:

Go check your email!