[LOCKED] Extra Security for Your Google Accounts
The threat of identity theft is at an all-time high and it just keeps growing every day. Since early 2015, I have recommended two-factor authentication (2FA) as an extra layer of security wherever it is available. Google makes 2FA available free of charge, in more than one form. Read on to learn how it works, and your options for getting started...
Two-Factor Authentication for Google Accounts
I've written about two-factor authentication in my article An Extra Layer of Security. In a nutshell, it adds an extra layer of security that makes it almost impossible for an unauthorized person to access your account, even if they know (or guess) your password. If you're not familiar with the topic, or how it can be applied to accounts other than Google, check out that article first.
To test-drive Google 2FA and enable it on your Google account, start by going to your My Account page. (You may need to log into your Google account first.) “Sign-in & Security” is the very first item; click on those words to open the page where you can manage your sign-in and security options.
Scroll down that page to “2-step Verification,” a relatively recent addition that really should be more prominent. Its status will be “off” if you have not enabled 2FA. Click on the arrowhead to go to the 2FA options page. You can “learn more” on that page if you want, but I’m going straight to the big blue “Get Started” button right now. Click that button, then enter your Google account password again.
Now we’re on the page where 2FA is configured. Google insists on a phone number, and says it should not be a Google Voice number. I found that my GV number works just fine. However, if you do give your GV number, you should give a backup phone number in addition. I found out the hard way that if you try to turn off 2FA, you won't be able to receive the access codes on that GV number if it's associated with the same Google account.
Google’s default 2FA relies on sending a different 6-digit PIN to your phone every time you log in to your account with username and password. You have to enter that PIN in order to complete authentication. The PIN can be given to you via text or an automated voice call; it’s your choice. (Don't worry that Google will send you unwanted text messages or telemarketing calls. I've been using this method for years, and that has never happened to me.)
After trying the phone-and-PIN method, you are asked if you want to enable 2FA permanently. Those who do often leave it at that, but there are other options besides phone-and-PIN for authenticating your identity a second time. After clicking “Turn on” to enable 2FA, you are taken to another page where you can choose backup or alternate 2FA methods, in case you find yourself without your phone.
Backup Access Methods for Two-Factor Logins
I strongly recommend that you use one of these additional options, to ensure that you never get locked out of your account:
- Backup codes - Choose this option to create a set of printable one-time passcodes that will allow you to complete the 2FA sign-in process when you don't have your phone handy. Stash this printed list in your wallet or briefcase to use when needed.
- Authenticator app - Choose this option to download the "Authenticator" app that will generate 2FA verification codes. The app is available for both Android and iPhone, and will work even when your phone is offline.
- Google prompt - Choose this option to get a prompt on your Android smartphone or iPhone and just tap Yes to sign in.
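Why the Authenticator app can work offline, shown as an added example (this code is not from the article or from Google): the app and the server share a secret and each derive the 6-digit code from the current time, using TOTP (RFC 6238) with HMAC-SHA1 and a 30-second step. The `Verifier` class, its one-step drift window and its replay check are assumptions made for illustration, and the secret is the RFC's published test key.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds each code stays current
DIGITS = 6   # length of the code shown in the app

def totp(secret_b32: str, unix_time: int) -> str:
    """Code the app displays at unix_time; needs only the secret and a clock."""
    key = base64.b32decode(secret_b32.upper())
    counter = struct.pack(">Q", unix_time // STEP)        # 8-byte time-step counter
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                            # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

class Verifier:
    """Server side (hypothetical): tolerates clock drift, rejects reused codes."""

    def __init__(self, secret_b32: str, window: int = 1):
        self.secret = secret_b32
        self.window = window        # time steps accepted either side of "now"
        self.last_counter = -1      # highest time step already consumed

    def verify(self, code: str, unix_time: int) -> bool:
        now = unix_time // STEP
        for c in range(max(0, now - self.window), now + self.window + 1):
            if c <= self.last_counter:
                continue            # this step (or an older one) was already used
            # constant-time comparison avoids leaking how many digits matched
            if hmac.compare_digest(totp(self.secret, c * STEP), code):
                self.last_counter = c
                return True
        return False

# Constructed sample secret: the RFC 6238 test key, base32-encoded the way
# authenticator apps receive it when you scan the setup QR code.
SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    server = Verifier(SECRET)
    code = totp(SECRET, 1111111109)
    print(code, server.verify(code, 1111111111), server.verify(code, 1111111111))
```

Because a code is only a function of the shared secret and the clock, anyone who obtains the secret can generate valid codes, which is why the setup QR code should be treated like a password.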
USB Security Key Authentication
The very last backup method listed is a “Security key.” On your screen, it looks like a USB thumb drive, and that’s exactly what it is. The smallest, cheapest USB thumb drive, costing under ten bucks, will do for 2FA purposes.
Click on the “Add Security Key” link and follow the simple instructions to turn an empty USB thumb drive into a personalized, encrypted hardware 2FA key. You can create multiple USB keys, leaving one at home and/or office while another travels on your keychain or in a briefcase.
When you need to log in to your Google account, you will enter your username and password as usual. Then you will be asked to insert your Security Key into a USB port on the computer from which you are logging on. Google will read the encrypted key on the USB key, and if it matches what Google stores in its servers you will be fully logged into your account.
I like USB security keys because they don’t require any reading or typing on my part. I don’t have to get a PIN right. All I have to do is get the USB key right side up when I plug it in.
Your thoughts on this topic are welcome. Let me know what you think of USB key security, and other two-factor login options in the comments below.
This article was posted by Bob Rankin on 14 Oct 2016
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- [LOCKED] Extra Security for Your Google Accounts (Posted: 14 Oct 2016)