Sport & Auto
- About Future
- Digital Future
- Cookies Policy
- Terms & Conditions
- Investor Relations
- Contact Future
If there's anything to be learned from Wired reporter Mat Honan being hacked last weekend, it's that we're never as safe as we think we are. For those of us with a Google account, however, there is still hope.
You may have heard about Google's "two-step verification" process a lot in the last few days, which was highlighted by Wired journalist Mat Honan as a way to have helped block the hacker who gained access to his Twitter, Gmail and iCloud accounts last weekend and remotely wiped his iOS devices.
Two-step verification won't help protect your Amazon, Twitter, iCloud or other online services -- but it will protect your Google account and help prevent a complete wipeout of your online presence should the worst happen.
So what is two-step verification and why should you consider it? The concept is simple: It's an extra layer of security combining something you know (such as a password) with something you have in your possession, which for most of us will be our smartphone.
Setting up two-step verification on your own Google account isn't very difficult, so let's go through the process and how it differs from what we're all used to, which is simply typing in a password.
To get started, you'll need to sign into your Google account from a desktop web browser and head to the two-step verification settings page. Click "Start setup" to begin.
If you haven't added your phone number before, use the pulldown menu to choose which country your number is located in and enter it in the field provided. You'll have the choice of receiving a numeric code via SMS text message or voice call, so select the option you'd prefer and click "Send code."
Within a few moments, you'll receive a six-digit, numeric verification code -- enter it in the field provided and click "Verify."
If the computer you're currently using is your own and you want to make it a trusted computer, make sure "Trust this computer" is checked and click "Next." You'll want to uncheck this option if you're on a public or shared computer.
Now you'll activate two-step verification by clicking "Confirm" -- you also have the option to go back and make any changes before committing to this, however.
Congratulations! You're now twice as secure as you were before, if not more so. While two-step verification will keep you secure while using your desktop web browser, you'll have to do a bit more to utilize the feature on your mobile devices, since apps don't have the ability to ask for or receive verification codes.
While this may be a headache, it's only a short-term one -- once you create an application-specific password, you'll only need to enter it once per device or app. While you can skip this for now, keep in mind that your mobile apps will stop working until it's done, so click "Create passwords" now and let's dive in.
You'll be asked to once again verify your regular Google password, then you'll be presented with a potentially long list of sites, apps and services which have used your Google account in the past. You can click "Revoke Access" next to any of these to remove them from your account, or just scroll to the bottom of the page to get started.
For each app you will use, type in a name that will help you remember what it's for and then click "Generate password." For example, type "Reeder for iPad" (no quotes) to generate a password specific to that app on only this device.
The new password will appear in a yellow box -- don't worry about memorizing this password, since it only needs to be entered one time. While the password is separated by spaces, you can enter the text without them. When you're finished, click "Done."
Note that the process is a bit different for Google's own apps: You'll first log in with your usual Google username and password, then you'll receive a verification code via SMS or voice call (depending on the method you selected), which you'll enter when requested by the app. Many other non-Google apps have also been updated to offer the same process.
So what about those times when you're without access to a cellular connection? For example, maybe you're overseas and can't receive an SMS text message or voice call. That's where the Google Authenticator app comes into play.
The free Google Authenticator app for iPhone generates verification codes directly on the handset without the need for a network connection. It even includes automatic setup using a QR code, and once you've activated it, you can use it for all of your six-digit verification codes -- no SMS or voice calls required.
Visit the two-step verification settings page from any web browser, click on the link for the mobile device you want to use (iPhone, Android or BlackBerry) and you'll see a QR code. (Don't bother trying ours, it won't work.)
Next, launch the Google Authenticator app on that device, tap the + icon to add an account, then tap "Scan Barcode" -- line up the on-screen QR code in the green box and it will be captured by the app.
Now, Google Authenticator will keep pumping out an endless stream of verification codes whenever the app is opened (you'll see six digits with your Google account below, rather than the smudges above). Next time you need a code, simply open the app, remember the on-screen code and enter it wherever it's needed.
Google also gives you the option to make printable backup codes -- a list of ten different verification codes you can print out and slip into your wallet or purse, or even copy and paste somewhere secure, such as 1Password or Evernote for whenever you need to look up a quick code.
That's pretty much all there is to Google's two-step verification process! While it's limited to protecting your Google accounts only (which includes Gmail), it could one day be a barrier that prevents a hacker from totally wiping out your digital lifestyle in the blink of an eye. Heck, we feel safer already! Hopefully you will, too.
Follow this article’s author, J.R. Bookwalter on Twitter