Skip to main content

Google rolls out 007-style ‘two-step verification’ security

Many of us go about our day, logging into online accounts from home, work, the library, the Apple store, and wherever else in order to read that inspirational story Mom e-mailed us about a kitten befriending a dog, and everything is hunky dory. Someone, on the other hand, is currently becoming the person you read about who had their password stolen, and their bank account hacked using the information they e-mailed themselves “that one time.” (Almost two thirds of all Americans have been affected, according to a study from Internet security giant Symantec. This type of digital information theft is easier than many of us realize.)

Security concerns have grown steadily over the last several years as users continue to put more and more private data behind the security vault door that is a Google account login. But perhaps these concerns are finally being laid to rest. Google is rolling out a new solution for those desiring additional protection that will make Google as the Alfred to your Bruce, the M to your James, the home base secret-keeper to your mobile, private data-accessing lifestyle.

You can now activate a “two-step verification,” which will will require you to login with your username and password as usual, and then, on a second page, fulfill a request for a verification code before admitting you to your account. This verification code, randomly generated by Google, is only valid for the few seconds while you are completing the login process, and provided to you upon your request. Anyone who steals your password, or even this secret code, will not be able to login to your account later and steal all of the details of your “girls night out” planned for next Thursday night.

Google is providing a variety of ways for you to obtain this temporary password. According to a beta tester at over at TechCrunch, you can request it via a new mobile app called Google Authenticator (for your Android, iPhone, or Blackberry), text Google for it, or have them company call you. You can also authenticate a second phone if you lose access to your primary one, or use a pre-printed list of one-time use passwords (which you will inevitably keep hidden in the sole of your shoe), if you need a fail-safe backup.

To ease the burden of this process for the numerous times a day you access your Google account, you can input a one-time authentication code for devices you use all the time. A little trickier is the requirement to generate and store app-specific pass-codes for programs like Apple Mail and iCal, which often automatically login to your Google account and regularly pull down new data for your preferred method of interface.

We’ve been on the old username-and-password system for some time now, but this new, second-tier authentication approach is starting to spread. You may have seen it on bank websites, with their periodic prompt of security questions, or a “call and answer” system with unique images tied to your account, so that you can verify the page you’re on before inputting your password. You may even have received a portable, random password-generating key fob for your corporate or securities-trading account. Yahoo has taken steps to protect users by helping team them up with Norton’s Internet Security product.

We can’t say your information is now invulnerable, but Google, as usual, has taken another promising step towards solving a big consumer problem. Google’s Accounts Help Center has details on how to get your own Google account set up with two-step verification.

Editors' Recommendations

Adam Milgrom
Former Digital Trends Contributor
FCC proposal could help Google Fiber roll out to more cities
Google Fiber Austin Event

The U.S. Federal Communications Commission (FCC) is considering a proposal that would eliminate bureaucratic red tape and speed up the delivery of gigabit internet from providers like Google Fiber. Called the one-touch make-ready (OTMR) system, the proposal could accelerate the deployment of broadband services and 5G by requiring new service providers do the work of moving existing lines on utility poles if they want to add their own lines.

The change would make it easier for new providers to enter a market. Under the current system, if a new provider wants to move existing wires or make changes to a utility pole, it must consult with the incumbent providers, who would make the changes themselves. By shifting the work burden to the new service provider, the FCC's OTMR proposal aims to speed up the process by eliminating the coordination needed to perform the work on simple changes to utility poles.

Read more
Use this Rubik’s Cube-style device to create ultra-secure computer passwords
cube for generating passwords dsc00042

The Ultra Password Cube

You would think that, here in 2018, the threat of bad actors and hackers online would make us work a bit harder at coming up with secure passwords. Yet somehow “123456” and “password” persist as popular choices. (And, no, we’re sadly not kidding about that!) Wouldn’t it be great if there was a desk toy that could somehow generate and store random, ultra-secure passwords?

Read more
Gmail to get much-needed visual updates and advanced security features
Gmail may offer self-destructing email that lets you set an expiration date
google gmail revamp makeover feat

In an email sent to G Suite administrators early on Wednesday, April 11, Google announced plans to roll out a new look for Gmail with a host of new features, most of which will be outlined in the future. The new features will first be delivered to G Suite via an early adopter program, with plans to expand to all Gmail users at a later date. Now, we have our first look at what the makeover might look like, including the new Confidential Mode self-destructing email feature.

As originally reported by Android Authority, a "trusted source" has revealed given the world a sneak peek at the Google redesign.

Read more