A Gmail phishing* attack has been perpetuated on millions of users in which the hacker sends you a fake email with an attachment that appears to come from one of your friends. Clicking on the attachment takes you to a replica of a Gmail login page. Once you enter your login and password, your email account is successfully hacked.
A single step authentication, i.e., using only your password to unlock your account, can be readily compromised by the ‘phishing’ attacks as described above, enabling hackers to access your account. However, the use of an additional layer of security in form of ‘two-step verification’ will prevent an unwanted individual to access to your email when your password is compromised.
In these days, it has become an absolute must to set up 2-step verification on all of your email accounts as well as other Internet-based accounts.
If you are interested in making your Gmail account hacker-proof right now, then skip the discussion below and proceed directly to the “How to setup 2-step verification for your Gmail”.
2-Step Verification Versus 2-Factor Authentication
Authentication in computers is the process of identifying yourself to a device with an ID and a special piece of information that only you can provide, e.g., a password. Unless your password is long and complex, it can be readily decoded by software known as a ‘bot’. Since most people use the same password for all of their Internet activity, once their password is hacked, then, all of their accounts become vulnerable.
There are three types of authentication factors:
Something you know Something you have Something you are
Password or code Smart card or Yubi Key Fingerprints or Iris print
When two different factors are used to open the door to your account, then it is considered “two factor authentication”. When multiple different factors are used to open the door, the process is called “multi-factor authentication”.
On the other hand, when the same factor, e.g., ‘something you know’, is used in two different formats or steps to open the door, for example, password and a code sent to your phone the process is called two-step authentication. It that the code that is sent to you represents a second factor since it is received on a device that you have. However, this argument overlooks the fact that it is the code, ‘something you know’, that is enabling you to access the account and not the physical device that receives this code. Both, 2-step verification and 2-factor authentication both offer an additional layer of security that is ten times better than single-factor authentication.
How do you setup 2-step verification for your email account?
Two-step verification to access your email account is the preferred security feature that we should all use to secure our accounts against hacking.
We will discuss the simplest way to set up 2-step verification for your email. 2-step verification can be used for other Internet accounts and services such as PayPal, Dropbox, Kickstarter, Mailchimp , LastPass, Apple, LinkedIn, Evernote and even sites powered by WordPress and many more services.
Here is an example of how to set up 2-step verification for Gmail.
Step 1: Open your Gmail account settings by clicking on “My Account” on the top right hand corner of your email on a browser. (Figure 1)
Step 2: Click on “Sign-in & Security” on the settings menu. (Figure 2).
Figure 2. Google Account security settings page
Step 3: Click on “2-Step Verification” on the next page (Figure 3). Once you click on “Get Started” (Figure 4), it will take you through the steps to setup 2-step verification.
Step 4: Add your mobile number on the next page so that Google can send you a code each time you log into your account from a new device. (Figure 4)
Figure 4. Set up your phone for 2-step verification
Step 5: Once you add your mobile number on the next page, Google will send you a code to your phone as in Figure 5.
Step 6: The next step is to add the code provided in your text message to Google as in Figure 6 below.
Step 7: You are all done and you can now TURN ON 2-step verification by clicking on “TURN ON” as in Figure 7.
Figure 6. Figure 7.
Setting up this 2-step verification process will keep hackers out of your email forever as they cannot get access to your phone. They would need to not only identify your mobile phone number but also intercept the text messages to get to the same code.
There are other alternatives to setup additional precautions that Gmail offers as shown in Figure 8 such as “backup codes” and “Google Authenticator App” or “Yubi Keys” which we will discuss in future articles.
About the author:
Nirupama Mallavarupu is the Founder of MobileArq, a boutique software company based in Summit, NJ. MobileArq is offering a “build-an-app” course this winter for high school students. Please check it out at http://mobilearqacademy.com/ . Send questions about the article or the course to firstname.lastname@example.org.