Monday, September 3, 2012

Enhance your Google Account (GMail Security): PART 1

Enhance your Google Account (GMail Security): PART 1

Even though Gmail is the most secure of all email platforms I have used so far, your security is always at risk if you use a different email service as your alternative email. 
Google Account 2 step verification
Image Courtesy web
I have learnt the harder way, to protect my account and would now love to share with my readers, how you can have a super secure GMail account. So today I am going to talk about setting up SMS auth for your Google account.

Your Google Account includes all Google services you use with the same Email ID and password:  GMail, Google Maps, Blogger, Orkut, Google+, iGoogle, GTalk etc. As the name says, SMS auth means authorizing access to your Google Account with the help of an SMS. It is also called 2 step verification. So in order to access your account, you will need to verify: 1. your User ID and password 2. An SMS code.

Once you enable SMS auth security on your Google Account, there will be an extra layer of security before you can access our account. After you will enter your User ID and password, a code will sent to your registered phone number through SMS. You will need to enter this code on the screen to be able to access your account. If you do not receive the SMS, you can click on the link there to instantly receive a phone call with the code.

HOW WILL THIS PROTECT YOU?

Though this is an additional step, it makes your Google Account (including GMail) super secure. So even if someone gets your password, they cannot hack your account till you have your phone with you. The hacker won’t be able to log in till the time they enter the SMS auth code (which will come to your phone). Also, if you receive an SMS auth code and you did not try to log in, you will automatically get to know that someone else is trying to access your account without your authority.

ENABLE SMS AUTH / 2-STEP VERIFICATION IN 4 EASY STEPS:

Just 4 steps and you are done. You can do this even if you just check the pictures below. To enable SMS auth or 2-step verification for your Google Account go to this link:


Now before you do that, read on for the complete tutorial and also to find out if you would like to enable it. When you click on the above link, you will be asked to sign into your Google Account. After entering user ID and password, you will see this page:

Google Account 2 step verification
STEP 1: Set up your phone.Set up Google SMS Auth

STEP 2: Verify your phone

2 Factor Authentication Gmail

STEP 3: Choose to add your present computer as 'Trusted'. On a trusted computer/device, Google won't ask you for an SMS code each you log in, till you clear cache and cookies.

Google Account 2 step verification
STEP 4: Confirm and YOU ARE DONE!

2 step verification for gmail
IS THIS FOOLPROOF?

This is foolproof till the time you have your phone with you. But if the hacker is a friend/family member who has physical access to your phone, then this protection may fail as they can see/check the code from your phone. Still this is great especially if you use public computers/cybercafés to access your account.

WHEN WILL THIS NOT WORK?

You cannot receive a code when you are out of coverage area or when you are travelling. 

When you are travelling abroad, you may want to avoid charges for incoming SMS. Or you may have not international roaming activated on your cellphone.

Very rarely, there can be times when the SMS is received late or not received at all due to network problems.

In such scenarios, you can print and keep 20 backup codes with you. Instead of printing you can also transfer the text file containing the codes to your cellphone (if you have a smart phone). Also, you can easily turn off SMS auth any time you want and turn it back on at your convenience. 

You can also download an application called Google Authenticator (only for Android, iPhone and Blackberry) to generate codes when you have no network coverage on your phone.

DO YOU NEED THE CODE EVERY TIME YOU LOG IN?

If you had chosen ‘Trust this Computer’ option while setting up SMS authorization on your Google Account, you will be asked for the code only the first time and not every time you log in using that ‘Trusted’ computer. Every time you clear your computer/phone’s cache and cookies, you will need to enter a new code to log in.

Sounds great? Well before you set this up, I recommend you read the PART 2 of this post which will cover how to turn off SMS auth, how to generate backup codes and application specific passwords. (coming soon)

If you have any questions on the steps above, feel free to ask in the comments below.

3 comments:

  1. Wow!!! Again one more eye-opener frm u!
    Kudos!!! :)

    ReplyDelete
  2. Awww thank you Ruby. This was a surprise post and I was still working on the second part when you left this comment. But you surprised me when I saw view stats for this article :) Hope this was helpful!

    ReplyDelete
  3. Wanted to clarify that this is a free service. Google doesn't charge you anything for this. In India, the phone service operator does not charge anything for the SMS and per my understanding, there is no charge internationally, unless your phone is 'Roaming' out of your registered phone service area.

    ReplyDelete

Comments will be visible once I approve them manually.

Anonymous comments will not be answered. So either use a profile or the Name/URL option to comment (can leave the URL box blank).

In Google Chrome, you can tick mark the 'Notify Me' box in the bottom right to get notified when I reply to your comment.