Goondu how-to: Setting up two-factor authentication for Gmail

September 16th, 2011 | by Aaron Tan

If you’ve been paying your credit card bills online, you should be familiar with the token PIN that’s required to access most Internet banking services in Singapore.

This security mechanism is commonly known as two-factor authentication (2FA), which requires users to enter a token-generated PIN, plus the usual username and password to access online banking sites and corporate networks.

Besides financial institutions, the Singapore government and some large corporations have also issued employees with tokens for an added layer of security.

My Gmail account was hacked last week and it was only then that I realised that Gmail has a little-known 2FA feature known as 2-step verification – at least I didn’t know about it until now.

Once you turn it on, anyone who tries to access your Google account on an unauthenticated device will need to enter a PIN generated by Google Authenticator, a smartphone app for iPhones and Android devices. In other words, your phone becomes your token.

Setting up 2-step verification is easy and Google has a detailed guide here. For those who want a quick run-down on how to do this, follow these steps:

1. Download the Google Authenticator app from the Android Market, iTunes App Store or http://m.google.com/authenticator for BlackBerry devices.
2. Sign in to the 2-step verification settings page on a computer.
3. Select your device (iPhone, Android or BlackBerry), and tap Next to generate a QR code that will be used to link your device with Gmail.
4. Launch the Google Authenticator app and tap on the plus icon to authenticate your Gmail account. Accounts can be added manually by entering your Gmail access credentials, or using a bar code scanner app to scan the QR code generated in Step 3. If you don’t have a scanner app, download one.
5. Click Next on the computer, then enter the verification code shown on your phone in the Code field and click Verify.
6. If the code is correct, a confirmation message will be displayed. Then, click on Next.
7. Now, you will see a list of backup codes that can be used to access your Google account if your phone gets stolen. Save this list or print it out, then click Next.
8. You will also be asked to add a backup phone number for a backup code to be sent to you if you lose your phone. Complete the set-up by sending a test code to the backup phone.
9. Once you are done, sign in as usual to your Gmail account. Check “Remember verification for this computer for 30 days” if you do not want to keep entering a verification code each time you sign in for the next month.

Note: If you’re using your Google credentials to log on to third-party websites and apps, you may be prompted to enter an authentication code to access those websites.
