Wednesday, March 23, 2022

Protect Your Google Account with 2-Step Verification

If you are anything like me, you use your Google account for everything. All of my files are in Drive, my emails are in Gmail, my pictures are in Photos, and my events are in Calendar.

As convenient and useful as this is, having all of your data in one place should also encourage you to stop and think about security. How secure is your account? If someone were to access your account, what would they have access to?

Now hopefully you don't have your password written on a post-it note stuck to your monitor (please say you don't), but if you are like most people, you probably are not doing anything extra to protect your account.

In this post we will take a look at this super simple, yet powerful, tool to help protect your Google account and everything you have saved in it. If you are a Google user, it is time to step up your account security with 2-Step Verification!

 

🔒 What is 2-Step Verification?

Normally when you log into your Google account, you type in your email address and your password, and that's it. You are now logged into your account and have access to all of your files, emails, and more.

The concern is that as long as someone knows your email address, all they need to access your account is your password. Unfortunately, there are a number of ways that a password can be compromised, including phishing, social engineering, keyloggers, malware, brute force attacks, or simply someone watching your fingers when you log in.

To help provide extra security, one approach is to use 2-Step Verification. With this option, after you put in your email address and password as normal, you will then be required to perform some second step to prove it is really you. This second step can include many options such as:

  • Clicking on a verification button that pops up on your phone
  • Typing in a one-time use code that gets texted to your phone
  • Using a mobile app to generate a one-time use code
  • Typing in a one-time use code from a pre-printed sheet of codes
  • Plugging in a physical USB security key to prove it is you

The benefit of this approach is that even if someone discovers your password, they still will not be able to log into your account unless they are able to perform the second step, which would require access to your phone or security key.

Furthermore, if someone does try to log in as you, you will find out right away when your phone sends you an access code or asks if you are trying to log in, letting you know your password has been compromised.

Now certainly nothing is ever foolproof, but using 2-Step Verification greatly improves the security on your account. Let's take a look at how to set up and use this option.


🏫 Personal Versus School Accounts

One quick note before we get started...

2-Step Verification works on all Google accounts, whether it is your personal Gmail account or your school-provided Google Workspace for Education account. However, for your school account, it is necessary for your technology administrator to turn on the option.

By default 2-Step Verification is not enabled for Google Workspace domains. Your technology administrator can enable this as follows:

  • Go to the Google Workspace Admin Console as normal.
  • Click "Security".
  • Scroll down and click "2-Step Verification".
  • In the "Two-step verification" section, check the box for "Allow users to turn on 2-step verification".
  • Optionally they can adjust advanced settings including whether or not 2-Step Verification is required and which methods are allowable for the verification.

Note: Turning on this setting in the Admin Console does not force users to use 2-Step Verification. It simply gives users the option to use this feature if they wish.

 

👍 Turn On 2-Step Verification

To access your settings and turn on 2-Step Verification for your Google account you can:

  • Go to https://myaccount.google.com
  • Or click on your profile picture in the top right corner of your screen and choose "Manage your Google Account".
  • In the navigation list, click "Security".
  • Under "Signing in to Google" click "2-Step Verification".
  • On the "2-Step Verification" screen click "Get Started" at the bottom.
  • You will now be asked to log into your account to verify it is you.

 

 

✅ Choose Your Option for Verification

You will now be taken to a screen where you can select the option you want to use for the second step of your verification whenever you log into your account in the future. In addition to the default option you are given, you can click "Show more options" to see other choices.

Altogether you will have four options you can choose from on this page:

  • Text Message - Have a verification code sent to your phone as a text message
  • Phone Call - Have a verification code sent to you through a phone call
  • Security Key - Use a small physical device to connect to your phone, tablet, or computer
  • Google Prompt - Get a Google Prompt that shows up on your phone, then tap "Yes" to sign in

 

There are pros and cons to each method for verification, so you will need to decide which is best for you. Google's recommendation is to use the "Google Prompt" option as they say "It's easier to tap a prompt than enter a verification code. Prompts can also help protect against SIM swap and other phone number-based hacks."

We will look at directions for setting up the "Google Prompt" option below.

 

📱 Set Up the Google Prompt Option

A popular option for verification is to have your phone simply pop up a Google prompt asking if you are trying to sign in. You can just click the "Yes, it's me" button to verify your login. This is much quicker than typing in a code each time, but is still secure as it requires you to have your phone for verification.

Before you use this option, however, there are some requirements for your phone:

  • Android - Any Android phone that you are signed into with your Google account.
  • iOS - You need the Google app, Gmail app, or Smart Lock app installed on your phone and signed in with your Google account.
  • In either case, you need to be signed in on your phone or the apps with the Google account you wish to use with 2-Step verification. If you want to use this with more than one account, you simply need to have each account added to your phone as normal.

You may have the "Google Prompt" option displayed already, or you can click "Show more options" to select the "Google Prompt" option.

  • Click "Continue" when ready to move forward.
  • You will now get a screen asking you to enter or verify your phone number as a backup option. This can be used to text you a code if something ever goes wrong with the Google Prompt option.
  • Note: If you do not want to use this as a backup option you can click "Use Another Backup Option" which will let you print out a set of one-time-use codes that you can type in if needed.
  • After you enter your phone number, choose if you want to have the code texted to you or spoken in an automated phone call.
  • Click "Send" when ready.
  • You will now get a text message sent to your phone with a verification code.
  • Type in that verification code and click "Next".
  • Finally you will now get a screen listing your default second step for your 2-step verification, as well as your backup option if needed.
  • Click "Turn On" to accept these settings and officially enable 2-step verification for your account.

 


⌨️ Logging In with 2-Step Verification

Now that you have enabled 2-Step Verification, when you go to log into your Google account on any device, you will get a screen saying that Google has sent a notification to your phone that you need to verify to log in.

  • A message will now pop up on your phone asking if you are trying to sign into your Google account. Since this is you trying to sign in, you should press the "Yes, it's me" button on your phone.
  • However, if this ever pops up when you are not trying to log in somewhere, then that would mean someone else is trying to access your account and you should press "No don't allow".

 

After you press "Yes, it's me" you will be logged into your account automatically.


💻 Authorizing a Device

If you have a device that you feel is reasonably secure, you can authorize that device so that you do not have to use 2-Step Verification each time you log in for that particular device.

  • Begin to log in as normal on the device.
  • When the 2-Step Verification screen comes up, simply check the box for "Don't ask again on this device".
  • Verify as normal on your phone when you get the notification.
  • Now you will no longer be prompted for a second step when logging in on that device.

If you ever change your mind, you can revoke approved devices to force 2-Step Verification again on that device. 

  • Go to your Google account settings as normal at https://myaccount.google.com
  • Click "Security"
  • Click "2-Step Verification"
  • Under "Devices you trust" click "Revoke All" to clear that setting on your authorized devices.

 


🔑 Backup Options

In addition to your default second step and backup second step, you can have even more backup options if needed. These can allow you to still log in if you are without your phone or do not have connectivity on your phone.

To access these:

  • Go to your Google account settings as normal at https://myaccount.google.com
  • Click "Security"
  • Click "2-Step Verification"
  • Scroll down to the section titled "Add more second steps to verify it's you".

Here you will find the following backup options:

Backup codes

  • This option provides you with a printable page of one-time use passcodes that you can use to sign in when away from your phone.
  • For more details on using backup codes see: Help page link

 

Authenticator app

  • This option is a mobile app that you install on your phone, then use to generate one-time use verification codes, even if your phone does not have connectivity.
  • You can install the mobile app from: Android app and iOS app
  • For more details on using the Authenticator app see: Help page link

Security key

  • For this option you purchase a physical security key. This is a small device that you plug into your computer, tablet, or phone when you are logging in to prove it is you.
  • For more details on using a security key see: Help page link


Conclusion

Although no solution is perfect, 2-Step Verification is a simple option that can greatly increase the security on your account. In just a few minutes you can turn on this feature and help protect your files, emails, photos, and more. The more we use the awesome tools provided by Google, the more we need to make sure we are protecting what we create.


Post by Eric Curts. Bring me to your school, organization, or conference with over 50 PD sessions to choose from. Connect with me on Twitter at twitter.com/ericcurts 
