Jan 17, 2012

How do you use a smartphone for two-step verification to log in to your Google accounts?

I've heard about Google offering a two-step verification process for log-in. Perhaps I'm being paranoid, but it seems as if there is a significant data breach every few days, and I want to find the right balance of security and convenience, and the security part of that equation has been growing in importance to me. Has anyone used this log-in method? If so, how much of a hassle is it to use, and is it worthwhile in the end?



You have to enable the two-step verification.  There is an app called Authenticator that you must install on your smartphone.  When you want to log in, google will send a 6 digit verification code to your phone.  The code is only valid for 30 seconds or so, so the window is pretty small for log-in.  You enter the code in addition to your normal log-in password, and you are then granted access.  It works ok, but frankly I find it a bit of a bother.  I think that using a strong password along with that password being limited to your google account is an easier alternative, but it is obviously not as secure as a two step process.  Still, a strong password should discourage most of the average miscreants trying to break into your account.  I suggest using one of the password evaluation sites to make sure it is strong, though.  


Google was recently testing out a cool 2 step verification process that only required you to scan an online QR code, but apparently that is still in testing.  I would love to see it become the standard.  It would be much more convenient.  



Hi ernard,

Here are some instructions on how to turn on two step verification using smartphones. These instructions cover Android, iOS and Blackberry devices. It also shows you how to set it up for multiple Google accounts.


"If you want to turn on 2-step verification and own a smartphone, we recommend you use the Google Authenticator app -- a mobile application available on Android devices, iPhones, and BlackBerry devices -- to generate verification codes. The application doesn't require an Internet connection, mobile service, or a data plan to generate verification codes."
Answer this