Friday, October 21, 2011

Lock Down Google With Two-Factor Authentication

Article first published as Online Security: Using Two-Factor Authentication With Google on Blogcritics.

Did you know you can now use two-factor authentication with your Google account? Think about it: most people use a single username/password combination to gain access to a system-wide array of services in the Google universe. Gmail, AdSense, Blogger, Analytics, Docs, etc, is a whole lot to leave vulnerable to the single username and password approach. And it’s easier than you think for a hacker to acquire your password without your knowledge.

Recently, Google has made two-factor authentication available as a login option worldwide. Two factor authentication in its most basic definition is this: A) something you know (your trusty old Google username/password); and B) something you have (a key or one-time passcode that regenerates every 60 seconds). In short, A + B = access to your account. You need both. So even if your password got sniffed, or you left it in your stolen wallet somewhere, the hacker would still need a unique code to complete the login process.

Google makes it easy, too. The idea is after you login using your normal user/pass (A... something you know), you will be asked for a unique piece of information, a code, to complete authentication (B... something you have), to verify your identity. The code is something your smart phone can provide for you. Simply download an app (iPhone, Android, and Blackberry are supported). The app generates a code based on an algorithm that Google and your smart phone app have in common. Or if you prefer, a regular cell phone can be used (a txt message will arrive with the code embedded). The code is only good for 60 seconds, and then it expires and another code is generated.

So why bother? Your account will be a lot safer if you enable two-factor authentication, especially if you're a regular user of multiple Google products. Heck, it even makes sense even if you just have Gmail. Lock it down, people! Google has prepared a great set of instructions to help you get started. Go to to find out more.

Read more: