The Security Two-Step

This is depressing.

Mat Honan is an author at Wired. Recently his Google account was compromised. And since his online life was chained together, the hackers were soon able to access his Twitter, Amazon, AppleID, iPhone, iPad and MacBook accounts. For lulz, they erased his digital life.

By his own admission, Honan was sloppy. His accounts were interconnected and his data was not backed up. His biggest regret was that he didn’t take the time to implement a defense mechanism provided by Google. He didn’t set up 2-step verification. In the article, Honan refers to it as “two-factor authentication.”

What’s two-step verification? This is a system provided by Google which adds an extra level of security to your account. After it’s set up, you’ll need two things for access: something you remember (your password) and something you have (a code on your phone).

Learn how to set up 2-step verification after the jump.

In your Gmail account, click on your name in the upper right corner. In the pop-up window, click on “Account.” This will take you to your account settings page. You’ll see a navigation column on the left-hand side. Click “Security.” You should see a window that looks like this:

 

Click the “edit” button beside 2-step verification. This will take you to the login screen. Once you’re at that screen you’ll follow a series of instructions. You’ll need to provide a mobile phone number to which Google can send a 6-digit verification code. Once you enter that code, the computer on which you entered it will be considered a trusted device. Click Turn on 2-step verification to finish the process.

After you turn on 2-step verification, you’ll find that some of your apps have stopped working. That’s because they aren’t compatible with 2-step verification. In other words, they can’t accept a username, password and verification code. Don’t worry, Google provides another mechanism for these apps.

In the next step you’ll find a form to generate application-specific passwords. At the bottom of the page, you’ll see a form similar to this one:

 

As you can see, I’ve already set up passwords for Google Calendar Sync and my Android. To set up app passwords, enter a label in the text field labeled “Name.” This label will help you identify the device. In my example, I entered “Sync” and “Phone.” Click “Generate password” for each device. Once you generate it, you’ll see a 16-digit password. In the app, enter that string in place of your Google password. If you have an option to remain logged in or to save the password, do so. You don’t want to generate a new one each time you log in.

UPDATE: Some of you were confused by Google’s verbiage. It doesn’t matter in what order you set up your computers. Google doesn’t recognize primary or secondary computers. There are only trusted and untrusted computers. So you can set up two-step at work, then at home.
