In Part I of this mini-series on Gmail Two Step Verification, we covered enabling two-factor with SMS messages. In today’s post we will delve into some additional options. These options offer some additional convenience and flexibility, as well as increased security.
Backup Codes: Backup codes are unique, 10-digit codes that can be used to gain access to your account if you lose your phone. This is a safety feature, and a fairly good one. After enabling two step verification you should generate these! To do so navigate back to your sign-in options (My Account >> Sign-in and security >> Two Step Verification). Scroll down to Backup Options. You have the option to choose a backup phone or create backup codes. If you wish to use a backup phone, ensure it belongs to a trusted party like your spouse. Otherwise, click “Backup codes”.
A pop-up will appear displaying your backup codes. You can print them, save them to a .txt file, or copy and paste them. I prefer to copy and paste them into the “Notes” section of my password manager entry. Regardless of where you choose to store them, they should be stored securely. An attacker can use these codes to gain access to your account.
Authenticator App: The next option we will look at is using an authenticator app rather than receiving SMS messages. Text messages work well, but they may be less secure: if your phone account is hacked, the attacker can forward your messages (including your two-factor codes) to his own phone. Also, if you are in an area with no reception or are overseas, you will be unable to log in to your account. Before you begin, you need to install a two-factor authenticator app on your device that uses the TOTP (Time-based One-Time Password) protocol. I recommend Google Authenticator (Android, iOS) or Authy (Android, iOS). You are now ready to begin. To enable this feature, log in to your account and navigate to My Account >> Sign-in and security >> Two Step Verification. Just below your second factor (your phone) will be an option to “SET UP ADDITIONAL SECOND STEP”. Click this option and select “Authenticator app”.
The next screen will display a QR code that you must scan with your authenticator app.
At this point, open the app on your mobile device. For this example I used Google Authenticator, but the process is similar for Authy. Tap “Begin Setup”. On the next screen tap “Scan Barcode”. It will request access to your camera; allow this. The app will scan the QR code and add the account. Your phone’s screen should now display the code that serves as your second authentication factor.
Back in your browser, you will now be prompted to enter the code your app generated. This is to make sure everything was set up correctly. Enter the code and click “Verify”.
Gmail Two Step Verification should now be set up with the app as your default second factor.