Wednesday, September 12, 2018

Protect Your Google Account with 2-Step Verification

If you are anything like me, you use your Google account for everything. All of my files are in Drive, my emails are in Gmail, my pictures are in Photos, and my events are in Calendar.

As convenient and useful as this is, having all of your data in one place should also encourage us to stop and think about security. How secure is your account? If someone were to access your account, what all would they have access to?

Now hopefully you don't have your password written on a post-it note stuck to your monitor (please say you don't), but if you are like most people, you probably are not doing anything extra to protect your account. According to a study released in early 2018, less than 10% of Gmail users have turned on Google's 2-Step Verification option.

In this blog post we will take a look at this super simple, yet powerful, tool to help protect your Google account and everything you have saved in it. If you are a Google user, it is time to step up your account security with 2-Step Verification!


What is 2-Step Verification?

Normally when you log into your Google account, you type in your email address and your password, and that's it. You are now logged into your account and have access to all of your files, emails, and more.

The concern with this is that, as long as someone knows your email address, all they would need to access your account is your password. Unfortunately there are a number of ways that a password can be compromised, including phishing, social engineering, keyloggers, malware, brute force attacks, or simply someone watching your fingers when you log in.

To help provide extra security, one approach is to use 2-Step Verification. With this option, after you put in your email address and password as normal, you will then be required to perform some second step to prove it is really you. This second step can include many options such as:
  • Typing in a one-time use code that gets texted to your phone
  • Clicking on a verification button that pops up on your phone
  • Using a mobile app to generate a one-time use code
  • Typing in a one-time use code from a pre-printed sheet of codes
  • Plugging in a physical USB security key to prove it is you


The benefit of this approach is that even if someone discovers your password, they still will not be able to log into your account unless they are able to perform the second step, which would require access to your phone or security key.

Furthermore, if someone does try to log in as you, you will find out right away when your phone sends you an access code or asks if you are trying to log in, letting you know your password has been compromised.

Now certainly nothing is ever foolproof, but using 2-Step Verification greatly improves the security on your account. Next let's take a look at how to set up and use this option.


Personal Versus G Suite Accounts

2-Step Verification works on all Google accounts, whether it is your personal Gmail account or your school-provided G Suite for Education account. However, for your school account, it is necessary for your technology administrator to turn on the option.

By default 2-Step Verification is not enabled for G Suite domains. Your technology administrator can enable this as follows:
  • Go to the G Suite Admin Console as normal.
  • Click "Security".
  • Click "Basic Settings".
  • In the "Two-step verification" section, check the box for "Allow users to turn on 2-step verification".
  • Optionally they can click the link for "advanced settings" to further tweak the settings.


Note: Turning on this setting in the Admin Console does not force users to use 2-Step Verification. It simply gives users the option to use this feature if they wish.


Turn On 2-Step Verification

There are several ways to access your settings and turn on 2-Step Verification for your Google account. If you are using your computer (PC, Mac, Chromebook) you can:

You can also go directly to this page with the following link:
https://myaccount.google.com/signinoptions/two-step-verification/enroll-welcome


If needed you can also set this up through your phone or tablet. For detailed directions on accessing your 2-Step Verification settings on different devices, see the links below:


Set Up the Texted Code Option

One common option for 2-Step Verification is to enter a code that gets texted to you each time you go to log in. If this is the method you want to use for your second step:
  • Enter or verify your phone number.
  • Choose if you want to get a text message or phone call.
  • Click "Next".


You will now be texted a code to your phone. Enter the verification code that is texted to you to confirm that it works.


If that works properly, you can now click "Turn On" to complete the set up for 2-Step Verification. In the future, anytime you log into your account, you will get texted a code to type in to prove it is you logging in.


Set Up the Google Prompt Option

As another option, instead of typing in a code, you can set up your phone to simply pop up a Google prompt asking if you are trying to sign in. You can just click the "Yes" button to verify your login. This is much quicker than typing in a code each time, but is still secure as it requires you to have your phone for verification.

Before you use this option however, there are some requirements for your phone.
  • Android - If using an Android phone you have to be up to date with the installed Google Play services.
  • iOS - For iOS you need an iPhone 5S or newer, and you need to have the Google app or Gmail app installed on your phone.
  • In either case, you need to be signed in on your phone with the Google account you wish to use with 2-Step verification. If you want to use this with more than one account, that is fine. You simply need to have each account added to your phone as normal.

If you are still in the middle of setting up 2-Step verification, you can click "Choose another option" during the initial setup process.

If you have already turned on 2-Step Verification and set up the texting option as described above, you can switch to the Google prompt option by clicking "Add Google Prompt" on your security settings page for your account. (Go to https://myaccount.google.com, click "Sign-in & security", click "2-Step Verification")


This will open a window where you can verify which phone you are using. As long as you are logged into your phone as described above, your phone will be available as an option.

  • Next click "Try it now".
  • Then select your phone.
  • Then click "Next".
  • You will now get a prompt on your phone asking if you are trying to sign in.
  • Click "Yes".

Now you can use the Google prompt on your phone any time you log in for your 2-Step Verification, instead of having to type in a code.


Authorizing a Device

If you have a device that you feel is reasonably secure, you do have the option to authorize that device so that you do not have to use 2-Step Verification each time you log in on that particular device.
  • First, log in as normal on that device.
  • On the 2-Step Verification window, choose "Don't ask again on this computer" to skip 2-Step Verification for this device in the future.
  • Complete the second step of 2-Step Verification as normal (type in the code or tap the Google prompt).
  • Now you will no longer be prompted for a second step when logging in on that device.
  • Note: Be sure to keep this device secure.


If you ever change your mind, you can revoke approved devices to force 2-Step Verification again on that device. In your account security settings (Go to https://myaccount.google.com, click "Sign-in & security", click "2-Step Verification") you can click "Revoke All" to clear that setting on your authorized devices.



Backup Options

In addition to setting up one (or both) of the options above, texted codes or Google prompt, it is wise to also have some additional backup options enabled. This can allow you to still log in if you are without your phone or do not have connectivity on your phone.

Below are some additional options to verify it is you logging in. You can set up any of these options from your account security settings (Go to https://myaccount.google.com, click "Sign-in & security", click "2-Step Verification")

Backup codes
  • This option provides you with a printable page of one-time use passcodes that you can use to sign in when away from your phone.
  • For more details on using backup codes see: Help page link


Authenticator app
  • This option is a mobile app that you install on your phone, then use to generate one-time use verification codes, even if your phone does not have connectivity.
  • You can install the mobile app from: Android app and iOS app
  • For more details on using the Authenticator app see: Help page link


Security key
  • For this option you purchase a physical security key. This is a small device that you plug into your computer, tablet, or phone when you are logging in to prove it is you.
  • For more details on using a security key see: Help page link



Conclusion

Although no solution is perfect, 2-Step Verification is a simple option that can greatly increase the security on your account. In just a few minutes you can turn on this feature and help protect your files, emails, photos, and more. The more we use the awesome tools provided by Google, the more we need to make sure we are protecting what we create.


Post by Eric Curts. Bring me to your school, organization, or conference with over 50 PD sessions to choose from. Connect with me on Twitter at twitter.com/ericcurts and on Google+ at plus.google.com/+EricCurts1
