The previous three hacks involved encrypting data on your local hard drive, but as you move to more of a Web-based existence, much of your sensitive data lives in the cloud. And because Google’s made such great Web-based productivity applications (in the form of webapps such as Gmail, Google Calendar, and Google Docs), a lot of your sensitive data is inside your Google account. In this hack, you increase the security of your Google account with 2-step verification.
The only factor standing between a hacker and your Google account — and a lot of vital, your sensitive information — is your password. Even if you have got the strongest positive identification you'll presumably every which way generate, if people were to discover that password, they’d have access to all the information in your account. 2-step verification offers a more secure way for Google to verify that
you are who you say when you log in to your Google account on a new web browser, through a new application, or on a new mobile device. With 2-step verification, your password isn’t enough by itself.
As Google puts it:
“2-step verification needs 2 freelance factors for authentication, much like you might see on your banking website: your password, plus a code you only use once.”4
Those two factors are:
1. Your password (just like always)
2. A single-use verification code that Google sends to your phone in one of three ways:
Using the Google Authenticator app available for Android, iPhone, and BlackBerry Via SMS Through a voice call (meaning you could even use a
landline if you didn’t have a cell phone — the call would read off the code to you)
Both your password and the single-use verification code are required to log in on a new browser. You can then tell Google to recollect your login for thirty days. Set Up 2-Step Verification If you’re convinced that you want the added security, or you at least want to give 2-step verification a try, follow these steps.
1. Log in to your Google account and point your browser to your Google accounts page at www.google.com/accounts/. If you’re using Google Apps on a non-Google Domain, (like your personal website) the Admin for your Google Apps account needs to enable 2-step verification for your account.
2. On the right side of the page, under Personal Settings ⇒ Security, click the Using 2-Step Verification link. (You can bookmark that link if you like.)
3. Now walk through Google’s 2-step verification setup guide, as shown in Figure 2-21. It’s quite simple: Just add a new phone that you want to use for your 2-step verification and confirm that it is indeed
your phone. If you aren’t using an Android, iPhone, or BlackBerry smartphone, verify your phone via SMS. Otherwise, smartphone users should verify their phones using the Google Authenticator app for Android (https://market.android.com/details?id=com.google.android.apps.authenticator), iPhone (http://itunes.apple.com/us/app/google-authenticator/id388497605?mt=8), or BlackBerry. To verify your phone with these dedicated apps, scan a QR code — the square barcodes that smartphones can read via their built-in cameras.
4. Finally, just follow along with Google’s 2-step setup wizard at www.google.com/accounts/b/0/SmsAuthConfig for instructions specific to your phone..