Mountain View, California — Last year, after being hijacked by Chinese hackers, Google quickly made access via the HTTPS protocol the default for all Gmail account holders to add a security layer. On Thursday, the search engine titan introduced another security upgrade: an advanced opt-in feature, dubbed the two-step Google Account log-in process, offered to all users in an effort to make their accounts more secure and to cut down on account hijacking from stolen passwords.
Google will offer its hundreds of millions of users the choice of activating a second verification step when signing into their accounts, to complement the existing password-only authentication mechanism. Users who choose to add this second step to their Google log-in process reduce the likelihood of having their accounts hijacked if their password is stolen.
The 2-step verification combines your password with a code you get via your phone. When it is activated, users will have to enter their passwords as well as a separate code that will be sent to their mobile devices before gaining access to products like Gmail or Google Docs.
This new security element makes your Google account more secure, and most importantly Gmail out of all Google services. Google enabled this for Google Apps customers several months ago, but is now extending it to all users.
“Take your time to carefully set up 2-step verification–we expect it may take up to 15 minutes to enroll. A user-friendly set-up wizard will guide you through the process, including setting up a backup phone and creating backup codes in case you lose access to your primary phone.”
“Once you have activated the 2-step verification, you will see an extra page that prompts you for a code when you sign in to your account. After entering your password, Google will either call you with the code or send it to you via an SMS message or give you the choice to generate the code for yourself using a mobile application on your Android, BlackBerry or iPhone device.”
2-Step Verification lives up to its name, since it requires two major credentials: your Google account password and a six-digit pass code obtained using your phone. To use it, you set up the opt-in 2-Step Verification feature from the Manage Account page. During the set-up process, you will be required to enter your phone number and also create backup pass codes in case you lose your phone or it gets stolen. After completing the 2-Step Verification setup, you will land on an additional page once you log in to your Google account using your login ID and password.
“There are plenty of examples (like the classic ‘Mugged in London’ scam) that demonstrate why it is essential to take steps to help secure your activities online,” Nishit Shah, product manager for Google Security, wrote in a blog post. “Your Gmail account, your photos, your private documents–if you reuse the same password on multiple sites and one of those sites gets hacked, or your password is conned out of you directly through a phishing scam, it can be used to access some of your most closely-held information.”
In the next few days, Google will begin to roll out the new two-step verification option on its Account Settings page, where it appears as “Using 2-step verification” under “Security”. A wizard will guide you through the set-up process, including the addition of a backup phone and codes in case you lose your phone.
“When you enter this code after correctly submitting your password we will have a pretty good idea that the person signing in is actually you,” Shah wrote. “It is an extra step, but it is one that significantly improves the security of your Google Account because it requires the powerful combination of both something you know–your username and password–and something that only you should have–your phone.”
However, if you want the extra security but do not want to enter a code every single day, you can tell Google to keep you logged in for 30 days, during which time you will not have to go through the two-step verification and log-in process.
Passwords are vulnerable in a number of ways. Malicious hackers can sniff them over unprotected Wi-Fi networks, or trick users into revealing them through phishing scams. Malware can also capture and transmit log-in data. So, to prevent third-party sign-in or someone sneaking into your account, make the most of 2-Step Verification.