Tuesday, February 15, 2011

How To Setup Two Step Verification

Google has rolled out a two step verification option for logging into your account.
Here is what you'll need to have ready before you get started.
  • A Google Apps account (obviously)
  • Administrator access to that Google Apps account (unless your admin has already done his part)
  • A phone line of some kind
      • (land line will work)
      • (cell phone with a text plan is better)
      • (smart phone with internet access is the best option)
If you use Google Apps, start here.
If you have a @GMail account, skip the first step.

Start by going to your Google Apps Dashboard.
Click "Advanced Tools".
Make sure the check box labeled "Allow users to turn on two-factor authentication" is checked.
Go to http://www.google.com/accounts/b/0/SmSAuthconfig.
Click the button that says "Set up 2-step verification".
I have a Nexus One,
So I selected "Android" from the drop down list.
You will have to go download the "Google Authenticator" app.
This app also requires "Barcode Scanner".
If you don't have a smart phone, select "Other"; the process will be the same as for the backup phone, as described below.
Select the phone that you have and click "Next".
The setup page will generate a QR code.
Open the Google Authenticator app and select the button that says "Scan account barcode".
The app will automatically launch the barcode scanner app.
Point it at your computer screen and fit the QR code in the target area.
Once your phone has captured the QR code,
Click the button on the setup page that says "Next".
The website will now ask you for a number that should appear on the Google Authenticator app.
Enter it in the text box and click the button that says "Verify".
Once the code from the app has been verified,
Click the button that says "Next".
Your smart phone is now configured.
Click the button that says "Next" to set up a backup.
Now that your smart phone is configured,
You can set up a backup phone.
Do this.
It's just stupid not to.
If something happens to that smart phone and you don't have a backup,
There is no way to get into your account.
Your first set of backups are ten randomly generated codes.
These are one-time use codes.
Print them and keep them with you.
These are in case you can't get cell phone service where you are.
I printed four copies.
One for my wallet, one to keep at home, one to keep in my car, and I gave one to a family member.
I'm not getting locked out of my account if I can help it.
You can clear these codes and generate new ones if a copy happens to get stolen.
Click the button that says "Print codes" (and actually print them),
Click the check box that says "Yes, I have a copy of my backup verification codes.",
And click the button that says "Next".
Now you can enter a backup phone number and choose how you want the server to contact you.
I chose "Automated voice message",
But I'll likely change that to "SMS" text message later,
Just because I don't want to get a phone call every time.
I know testing it is optional,
But just do it.
There's no reason not to.
If you're that pressed for time you shouldn't be using a two-step verification process in the first place.
Not testing it just allows for one more thing that could lock you out of your account,
When you're trying to download that super important presentation,
In an area that doesn't have mobile internet.
Murphy's Law people.

Click the button that says "Send code".
Since I had the "Automated voice message" option selected,
I got a phone call.
I have Google Voice with "Call Screening" on.
This meant that the code was played during the time that the call screening asked the caller to state its "name".
So when I answered Google Voice announced "Call from ... (incomplete code) ... to accept press 1 ..."
I pressed one,
But by then the automated voice message was long over.
So I went into Google Voice and looked at my "Received" calls.
I found the number that had just called and labeled it "Verification".
So now when Google Voice announces "Call from ... "Verification" ... to accept press 1 ..." the server still hears the ringing.
I pressed 1 and the automated voice message began reading me my code.
Enter the code in the text box and click the button that says "Verify".
Click the button that says "Next".
At this point Google may tell you that you need to create "application-specific passwords".
This just means that Google will generate a random password so your smart phone can access your mail.
Don't worry about this right now,
We'll deal with this later.
Click the button that says "Next".
All set up.
Now to activate it.
You will be logged out of all Google services,
So make sure all your work is saved.
Click the blue button that says "Turn on 2-step verification".
Google just wants to make sure you know that you will be logged off.
Click the button that says "OK".
Go ahead and log into your account.
Enter the code that you get from the Google Authenticator app (or other option) into the text box and click the button that says "Verify".
It's time to create those "application-specific passwords".
Click the button that says "Create passwords".
Enter a device name.
Google will use this to generate a password to be used only with that device.
And now you're done.
From this page you can change all your settings.
Use this to update your phone number.
You can also generate new backup codes in case the old ones are lost or stolen.
You should also receive an email with some more information about two-step verification.
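
What happens behind the QR code scan and the "Verify" button, as an added example that is not part of the original post or Google's own code: the phone and the server share a secret and each derives the same short-lived number from it. It assumes the QR code carries an otpauth:// URI with a Base32 secret and that the codes follow RFC 6238 (HMAC-SHA1, 30-second steps, 6 digits), none of which the page states; the URI below is constructed from the RFC's test secret.

```python
import base64, hashlib, hmac, struct
from urllib.parse import urlparse, parse_qs

# Constructed enrolment URI (RFC 6238 test secret, not a real account).
SAMPLE_URI = ("otpauth://totp/user@example.com"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example")

def secret_from_uri(uri):
    """Decode the Base32 shared secret that the QR code hands to the app."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("not a TOTP enrolment URI")
    b32 = parse_qs(parsed.query)["secret"][0].replace(" ", "").upper()
    b32 += "=" * (-len(b32) % 8)   # the URI form usually omits padding
    return base64.b32decode(b32)

def totp(secret, now, step=30, digits=6):
    """Code the app displays at Unix time `now` (RFC 6238 over RFC 4226)."""
    counter = int(now) // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F        # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret, submitted, now, window=1, step=30, last_counter=None):
    """Server-side check: return the matched time step, or None.

    Accepts +/- `window` steps to tolerate phone clock drift and refuses a
    step at or before `last_counter`, so a code cannot be replayed.
    """
    current = int(now) // step
    for counter in range(max(0, current - window), current + window + 1):
        expected = totp(secret, counter * step, step)
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            if last_counter is not None and counter <= last_counter:
                return None
            return counter
    return None

if __name__ == "__main__":
    key = secret_from_uri(SAMPLE_URI)
    print(totp(key, 59), verify(key, totp(key, 59), 75))
```

Because both sides only need the shared secret and a roughly correct clock, the app keeps producing valid codes with no network connection, which is also why anyone who can see the QR code during setup can generate the same codes.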

