Wednesday, March 26, 2014

Secure your Google account with a little 2-step shuffle

http://www.techrepublic.com/article/secure-your-google-account-with-a-little-2-step-shuffle/#ftag=RSS56d97e7
Google Authenticator
 Security has become issue number one for many companies, people, services, and devices. With more people hopping over to the cloud, having tight security could mean the difference between your data being secure and your data being stolen. This has become especially true with the massive use of mobile devices to connect to those accounts.
Your Google account is no exemption. If you have a simple password, that account will most likely get hacked. If you have a complex password, the possibility decreases. With 2-step verification, the likelihood of your account getting hacked is even further reduced (drastically even).
What is 2-step verification and how do you get it? Simple — after you set up 2-step verification, you enter your Google account password, and then you're prompted for a passcode that's sent to your mobile device (via text, voice call, or the mobile app).
“Mobile app,” you say? Why yes. Google has created an Android app, Google Authenticator, that makes 2-step authentication simple. Google Authenticator works like this:
  1. Set up 2-step verification for your account (on your PC)
  2. Install the Google Authenticator app (on your Android phone)
  3. Log into your Google account the standard way (again, on your PC)
  4. When prompted, the 2-step code will be sent via the method you set up
  5. Enter the code to authenticate your login
  6. Enjoy your Google account with its new level of security

Setting up your account for 2-step

Before you can make use of the Google Authenticator app, let the 2-step verification wizard help you through the simple set up on your PC. The first step of the wizard requires you to log into your Google account. This is a standard login (your email address and password associated with that account). The second step (Figure A) prompts you to enter a mobile phone number so that Google can send an electronic message with the verification code. This code will be used to authenticate against untrusted computers.
Figure A

Figure A

Setting up 2-step authentication for your Google Account.
You'll immediately receive either a text or voice message (whichever you chose to use) with a verification code. Enter that code and click Verify (in the 2-step wizard). The next step will ask if you want to trust the computer you’re on. If so, keep Trust this computer checked and click Next. If not, uncheck the Trust this computer box and click Next.
The final step of the wizard is to confirm the enabling of 2-step verification. All you have to do is click Confirm, and you’re done. 2-step verification is now activated for your Google account.
After 2-step is established, you have to reconnect all of your apps. You'll be prompted (once you’ve completed the last step of the 2-step setup) to click the Reconnect my apps button. After clicking this button, you'll be asked to log back into your account and retrieve the backup codes. You can refer to your phone for the backup codes, or you can retrieve them by following these steps:
  1. Click on the Go to my settings button
  2. Scroll down to Backup options
  3. Follow the instructions for Backup codes
Either print those codes or save them as a text file. That's how you'll gain access to your account, should you ever not have your phone handy.

Google Authenticator

As I mentioned before, there are three ways to get your verification codes:
  • SMS
  • Voice message
  • Google Authenticator
The nice thing about the Google Authenticator app is that it can generate a code for you, even if you’re in Airplane mode. To install this app, do the following:
  1. On your Android device, open the Google Play Store
  2. Search for Google Authenticator
  3. Locate and tap the entry for the official Google app
  4. Tap Install
  5. Tap Accept
  6. Allow the installation to complete
Once the app is installed, you can launch it from within your app drawer. From the welcome screen (Figure B), tap the Begin Setup button.
Figure B

Figure B

Google Authenticator running on a Verizon-branded Samsung Galaxy S4.
First, you'll be prompted to enter your Google account password. Do that, and tap Done. Next, you'll be required to OK the EULA. If you get a failure (and you most likely will), you'll be prompted to sign in via the web browser. Tap the Next button, and sign into your Google account when prompted. You'll then receive the verification code on your mobile device. Enter that code, and the verification will succeed.
The next step is to set up Google Authenticator. To do this, open up a web browser on your desktop and go to https://g.co/authenticator. You'll be prompted to log into your Google account. Upon successful login, a pop-up window will appear with a QR code. On your device, tap the account (from within Google Authenticator) that you want to set up. In the resulting window, tap Scan barcode. You may be prompted to install the ZXing barcode scanner (if so, tap Install). Hold the device up to the screen so ZXing can scan the code. Upon successful scanning, you'll see the Google Authenticator app display a verification code. The code will only last a short time. You must enter that code into the required text area (within the web browser). When that step is complete, the Google Authenticator will be officially set up.
Now, when you want to log into your 2-step enabled Google account, you can get your verification code for that account from the Google Authenticator app (no more need to get the code sent via SMS or voice message). Again, this app will work even if you’re in Airplane mode.
If you decide 2-step verification is too cumbersome, you can always modify the settings to turn it off.
However, to keep your Google account as secure as possible, consider using 2-step authentication and the Google Authenticator app. Your data will thank you for it.
What do you think? Is 2-step authentication the best way to keep your data from being hijacked? If not, let us know a better solution in the discussion thread below.