I am a strong proponent of two-factor authentication. It greatly reduces the chance of an attacker getting into your account. I have recommended it here on the blog, and in my books. Only recently did I realized I have not posted explicit instructions for how to set it up. Since Gmail is one of the most popular email providers today, I will begin with it. Using Gmail also has an additional benefit: it has almost every two-factor option possible. Learning on Gmail is a good way to learn how to set two-factor authentication generally. If you do not have a Gmail account, this would be a good reason to set one up – it is an excellent learning tool. This post will be a step-by-step tutorial for setting up Gmail Two Step Verification, and will be the first of four parts. This part will cover the basic setup. Part 2 will discuss some intermediate topics like backup codes and using Authenticator. Part 3 will discuss using the “Security Key” and revoking trusted machines. Part 4 will cover “App Passwords”.
To begin using Gmail Two Step Verification, login to your Gmail account. Next, click your avatar in the upper-right corner of the interface and click the blue “My Account” button.
Gmail Two Step Verification requires that you provide a phone number. This will be used to send your verification codes. Enter you phone number on the next screen. Select text (SMS) message or voice calls. I recommend text messages unless you have a good reason for wanting voice verification.
After clicking “TURN ON”, Gmail Two Step Verification is enabled. When you log into your Gmail account you will be prompted to enter your username and password. Before being allowed into your inbox, you will also have to enter the one-time code that will be texted to you. Note the red box indicating “Don’t ask again on this computer”. You should uncheck this box on any computers you do not trust.
Stay tuned for Part II of this mini-series, where we will get into some more advanced features of Gmail Two Step Verification!