TOTW: make your Google account more secure


Date: 14 December 2012

Turning on Google two-step verification{{}}

If you're anything like me, you probably rely heavily on Google services. Gmail has nearly half a billion users, and five million businesses use Google Apps, the company's online email, calendar and document tools.

But if you have valuable documents and important emails sitting in your Google account, you might want to protect it with more than just a password. As Wired writer Mat Honan found to his cost, it's not always difficult for a hacker to break into your account.

The best way to protect your account is to set up two-step verification. This means that in order to log in, you have to enter a code sent to your mobile phone as well as your password. Without access to your mobile, a hacker will find it virtually impossible to break in.

Here's how to set it up. To start, make sure you're sign in to your Google account, then:

  1. Go to your account settings. You can either click your profile picture at the top right of your screen, then click Account, or just follow this link straight to the settings page.
  2. Click the Security link on the left side of your screen.
  3. Look for the 2-step verification heading, then click the Settings button here.
  4. You'll see a screen explaining how two-step verification works. Read it before continuing.
  5. Once you're ready, click the Start setup button. Google will ask for your password again. Enter it and click Sign in.
  6. Enter your mobile number into the Phone number box and choose whether you want Google to send your codes as text messages or voice calls. Text messages are usually easier.
  7. Click the Send code button.
  8. Google will send a code to your phone. Enter it when requested and click Verify.
  9. If you're using your normal computer, leave the Trust this computer box ticked, then click Next.
  10. Click Confirm to turn on two-step verification.

That's it - Google will now send a code to your mobile when you sign in to your Google account. If you chose to trust the computer, Google will only ask for the code on this computer once a month, not every time you log in. If you log in from a different computer, you'll still need to enter a code.

It's worth taking some time to read the information on the confirmation screen, as you can print out backup codes to use in case you lose your phone or don't have it handy when you need to log in. You can also add an alternative phone number, just in case anything happens to your mobile.

Two-step verification is a really good way to make it much harder for hackers to brak into your Google account. It's well worth setting up, and once it's up-and-running the extra inconvenience when logging in is minimal.

What does the * mean?

If a link has a * this means it is an affiliate link. To find out more, see our FAQs.