How to set up your Google account with two-step authentication
Google's experience with two-step authentication makes it a remarkably simple process to set up. Here's what you need to do.
- Visit Google's 2-Step Verification page and click on Get Started.
- Enter your Google email and password (or just your password, if you're already logged in to Google).
- Click the Start setup
- Add a phone number that Google can send the six-digit verification code to. (For semi-obvious reasons, this shouldn't be your Google Voice number: If you use that phone number, you might end up locked out of your account.)
- Verify your phone number by entering in the six-digit code Google sent you.
- Choose whether or not to add your current computer as a trusted device.
- Confirm that you wish to turn on two-step verification.
And you're set! Google will now send your phone a six-digit code for any app that uses Google's web interface to authenticate your account.
How to use Google Authenticator
If you don't want codes sent via text message, you can also enable Google Authenticator; this allows you to receive a randomly-generated code from programs like Authy or 1Password or Google's own authenticator.
You can use Google Authenticator for a slew of different services in addition to your Google Account; you just need to make sure they have code generation turned on. Each service has a slightly different way of enabling this, but in general you should find it under the Security section of your preferences.
Here's the setup screen for your Google accounts:
When you click to enable code generation, you'll be presented with a barcode; scan this with Authy, 1Password, or Google Authenticator to add the account.
Once you've added your account, use the code generated by your app of choice to activate two-step code generation back on the original service.
Enable per-app passwords
Though most third-party Mac apps that hook into Google's services use the company's web interface to authenticate your account, support for this on the system level for iOS and OS X isn't quite there yet — though it is coming in iOS 8.3 and OS X 10.10.3.
In the meantime, you don't have to sacrifice your two-step security elsewhere until those updates come around: You can use your traditional username and password fields by generating one of Google's per-app passwords. They're not as secure as two-step authentication, but it guarantees that if someone breaks into that application, they'll have a one-time password only good for that program and can't get into your account on the web.
To access per-app passwords for your Google account, visit your Google account settings, then under the Signing in section, click on 2-Step Verification.
From there, select the App-specific passwords tab and click the Manage application-specific passwords button.
Once you're in the management section, you can generate a new app-specific password for your application, or revoke passwords for any old applications you no longer use or that may have been compromised.