[LOCKED] Extra Security for Your Google Accounts

Category: Security

The threat of identity theft is at an all-time high and it just keeps growing every day. Since early 2015, I have recommended two-factor authentication (2FA) as an extra layer of security wherever it is available. Google makes 2FA available free of charge, in more than one form. Read on to learn how it works, and your options for getting started...

Two-Factor Authentication for Google Accounts

I've written about two-factor authentication in my article An Extra Layer of Security. In a nutshell, it adds an extra layer of security that makes it almost impossible for an unauthorized person to access your account, even if they know (or guess) your password. If you're not familiar with the topic, or how it can be applied to accounts other than Google, check out that article first.

To test-drive Google 2FA and enable it on your Google account, start by going to your My Account page. (You may need to log into your Google account first.) “Sign-in & Security” is the very first item; click on those words to open the page where you can manage your sign-in and security options.

Scroll down that page to “2-step Verification,” a relatively recent addition that really should be more prominent. Its status will be “off” if you have not enabled 2FA. Click on the arrowhead to go to the 2FA options page. You can “learn more” on that page if you want, but I’m going straight to the big blue “Get Started” button right now. Click that button, then enter your Google account password again.

Google two-factor authentication options

Now we’re on the page where 2FA is configured. Google insists on a phone number, and says it should not be a Google Voice number. I found that my GV number works just fine. However, if you do give your GV number, you should give a backup phone number in addition. I found out the hard way that if you try to turn off 2FA, you won't be able to receive the access codes on that GV number if it's associated with the same Google account.

Google’s default 2FA relies on sending a different 6-digit PIN to your phone every time you log in to your account with username and password. You have to enter that PIN in order to complete authentication. The PIN can be given to you via text or an automated voice call; it’s your choice. (Don't worry that Google will send you unwanted text messages or telemarketing calls. I've been using this method for years, and that has never happened to me.)

After trying the phone-and-PIN method, you are asked if you want to enable 2FA permanently. Those who do often leave it at that, but there are other options besides phone-and-PIN for authenticating your identity a second time. After clicking “Turn on” to enable 2FA, you are taken to another page where you can choose backup or alternate 2FA methods, in case you find yourself without your phone.

Backup Access Methods for Two-Factor Logins

I strongly recommend that you use one of these additional options, to ensure that you never get locked out of your account:

  • Backup codes - Choose this option to create a set of printable one-time passcodes that will allow you to complete the 2FA sign-in process when you don't have your phone handy. Stash this printed list in your wallet or briefcase to use when needed.
  • Authenticator app - Choose this option to download the "Authenticator" app that will generate 2FA verification codes. The app is available for both Android and iPhone, and will work even when your phone is offline.
  • Google prompt - Choose this option to get a prompt on your Android smartphone or iPhone and just tap Yes to sign in.

USB Security Key Authentication

The very last backup method listed is a “Security key.” On your screen, it looks like a USB thumb drive, and that’s exactly what it is. The smallest, cheapest USB thumb drive, costing under ten bucks, will do for 2FA purposes.

Click on the “Add Security Key” link and follow the simple instructions to turn an empty USB thumb drive into a personalized, encrypted hardware 2FA key. You can create multiple USB keys, leaving one at home and/or office while another travels on your keychain or in a briefcase.

When you need to log in to your Google account, you will enter your username and password as usual. Then you will be asked to insert your Security Key into a USB port on the computer from which you are logging on. Google will read the encrypted key on the USB key, and if it matches what Google stores in its servers you will be fully logged into your account.

I like USB security keys because they don’t require any reading or typing on my part. I don’t have to get a PIN right. All I have to do is get the USB key right side up when I plug it in.

Your thoughts on this topic are welcome. Let me know what you think of USB key security, and other two-factor login options in the comments below.

 

This article was posted by on 14 Oct 2016



Most recent comments on "[LOCKED] Extra Security for Your Google Accounts"

Posted by:

Riccardo
14 Oct 2016

What if you enable 2FA using phone-AND-PIN, then you lose your phone and want to log in to your Google account on a PC to use "Find My Phone"? You won't be able to log in because you'll need the PIN that's sent to your lost phone!


Posted by:

Judith Jordan
14 Oct 2016

I have no idea what you are talking about. I have been able to understand all your articles until now.
I am of the older older generation and stay on my computer off and on all day. But I use flash drives and disk for everything I write and all my email.
Keep writing; you have educated me in all your writings until now. Sorry, I'm so behind the times.


Posted by:

Ken Green
14 Oct 2016

I like using the Two-Factor Authentication as it is what I use when logging into my PayPal account. I feel very safe and secure with regard to my PayPal account.


Posted by:

my3ke
14 Oct 2016

Bob, what about a Yubikey (yubico.com) for 2FA? I've been researching them, but haven't bitten the bullet yet. It sounds similar to the USB security key scheme, but can be used for multiple 2FA sites. There are probably similar 'keys' out there as well.


Posted by:

Gary
14 Oct 2016

If for some reason you're unable to use the Google Authenticator app one can download a series of authenticator numbers each of which can only be used once. However, it's always possible to download additional authenticator numbers.


Posted by:

Janusz
14 Oct 2016

You forgot (I do not want to imply misinformation) to mention that the Google's USB Security Key Authentication works only with Chrome, and that it requires a USB port, which rules out mobile phones and most tablets.


Posted by:

RandiO
14 Oct 2016

The combination of the terms 'google' and 'security' in a single sentence sounds like an oxymoron to me.
How much personal information must google demand from us?
Now google is saying that in order for me to "secure" my gmail address (w/2FA), I now have to give them my 'real' telephone number?
Is there an end to this google big-data saga?
Heck, google may even have more secure servers than the federal government: But that does not make them any less vulnerable to security breaches than either the Feds or Yahoo.
One possible solution would be to divest oneself from the google dominion.


Posted by:

Mike
14 Oct 2016

Be careful about 2FA if you're traveling abroad. Unless you have cell phone service in the foreign country, the text that it sends you will not get delivered. There is a workaround of sorts, if you've set it up. Google will send the password to another email account. If you haven't done this, there is no way that I know of to complete the 2FA. (Maybe somebody does.)

I should note this happened to me while visiting in Cuba earlier this year and brought to light another problem with 2FA: in many countries the @ symbol is accessed by a different combination of keys (in Cuba you press the Ctrl and Alt key simultaneously and then the number 2 key). I had used my wife's email account as the backup in case I couldn't receive a text. You have to tell Google where to email the password; unless you have the @ symbol, you can't enter this information!


Posted by:

pshaw
14 Oct 2016

I'm in the same category as Judith Jordan. But I don't use Google, don't have Google mail. Does any of this relate to me?


Posted by:

RandiO
14 Oct 2016

@ pshaw,
2FA may just "relate to" you: See if you do business with any of the web companies listed in this link >> https://twofactorauth.org/
Soon, the rage will be all about biometric security; and that is when google will probably demand your medical records for log in...


Posted by:

marge201
15 Oct 2016

How does this affect getting gmail on iphone (or any phone)? Can you make the phone a trusted device and never have to think about that?


Posted by:

Mark
15 Oct 2016

Thank you for a very informative article! I had never heard of Google's USB security prior to reading your article. Unquestionably I'll be purchasing one soon.


Posted by:

Dave Fox
15 Oct 2016

Hi Bob, very good article as always. I like that USB idea, especially having to be able to have more than one USB key, I'm very particular about giving out my Phone #. Besides if a person has a google account, they already have my Phone # anyway. This would be perfect for at home with my desktop.


Posted by:

Marc
15 Oct 2016

Any suggestions on using two factor authentication in the event you don't want to give a phone number to google or other data broker? I may be old fashioned but I never give phone numbers to companies who collect information about me knowing that this number gets sold to telemarketers.


Posted by:

inLionSk8r
15 Oct 2016

I'm a senior who has been using two-factor authentication with Google and my banking site, ever since each began offering the option. After the original set-up pains, both have been trouble-free. It's highly recommended that people read up on and learn to use this important security feature, before their accounts get hacked.

And while they're furthering their education on protecting themselves, they should also get a good password manager, study the tutorials and then use it to generate new nonsense passwords, as well as use it to insert them into all sites requiring log-in credentials. Many professional computer troubleshooters advise that if a password can be remembered or is less than 20 characters long, it isn't secure.

Yes, changes in the way we've been doing things for years can be very challenging. But, making an effort to learn about and institute these is EASY, when compared to dealing with the fallout from compromised identities and accounts.


Posted by:

Don
16 Oct 2016

I'm a little lost too, on this article. It doesn't say that's what it's for, but everything in most of this article is about using a phone or similar, not a PC. So it doesn't apply to a PC?
But at the end you tell how to retrieve whatever from the computer you are on. I don't know what that means. A phone won't take a normal USB drive, which is what that section is talking about using. And if you have only your phone and not a computer available, how does that help anyway?


Posted by:

Richard
17 Oct 2016

I have a number of problems with these. The first is I don't have a mobile phone so that option isn't available. I don't want to have to remember to carry around a second "thing" like a pad or USB key or even a phone if I did have one either. The problem is that accounts like Google have grown from just an email to something more encompassing that may also provide access to other platforms (Login with Google).

Maybe an option would be to have some form of confirmation stored on approved devices with an expiry date. If new or expired then an additional security measure is called to create or renew that data for that device. Certificates or the like is the sort of thing I'm thinking here.

What I have noted though is that if something new tries to access (say GMail) it isn't allowed until I approve it.


Copyright © 2005 - Bob Rankin - All Rights Reserved


Article information: AskBobRankin -- [LOCKED] Extra Security for Your Google Accounts (Posted: 14 Oct 2016)
Source: http://askbobrankin.com/locked_extra_security_for_your_google_accounts.html