Google’s Two-Step Verification — Not That Scary


I work with the healthcare system. That explains a lot. Like why so many of the most frequently asked questions I receive in workshops about social media and anything online include the words “safe” and “secure”. Now, in social media there are a lot of times where what you do is not anything you want or need to have be safe and secure. That is a hard concept to explain in certain contexts, a different way of thinking, and for a different blogpost. For today, this is about what you put in Google, which is largely content you DO want to have secured!

Enter Google’s new 2-step verification system!

Google 2-Step Verification

I thought, well, of course I want more security, but I was a little nervous about what the process would entail, would I be able to change my mind later, what if I mess it up and lose access to my account! On the other hand, it is kind of my job to figure these things out and then tell other folks, so I bit the bullet and went ahead, despite being a Nervosu Nellie.

I clicked on the link provided, said I wanted to go ahead, and did what they told me to do. In short, you first give them a phone number, and make SURE it is your mobile phone, because you will need access to it every single time you try to login. Really. So it better not be a landline somewhere when you aren’t there. They text a code to the phone, you type it in, and voilà! you’re set up.

Google 2-Step Verification

I thought this was going to be a one time thing, but nope, it sent me a text every time I tried to login, on every workstation or device. If I log out, then when I log in that time I need to receive the code. The code is different everytime. It isn’t a second password and you can’t memorize some secret code.

So far so good! Next, it took me to a VERY important screen.

Google 2-Step Verification

There are three really important parts on this page. Unfortunately, you can’t really SEE one of them! That REALLY frustrated me!

1. Passwords may fail for your phone, email, chat, or other apps.
2. Reminder: If you lose your phone …
3. Reminder: If you are traveling …

Well, #1 is the message on top and must be most important, so I immediately did that, thinking it would take me back to the same screen later so I could READ the other messages. FYI, no, it didn’t. Not cool, Google.

It took me to a screen to allow me to review what apps have access to my account, and revoke permissions if I wish. This is what that looked like.

Google 2-Step Verification

Down at the bottom is the part about setting up passwords for your accounts and apps on other devices or which are not web-based. Again, I started to feel kind of nervous. What have I done? Have I just locked myself out of checking mail on the bus in the morning? What if I can’t check my calendar when I’m away from the office? Oh my, oh dear. What is an application-specific password? Am I going to have to memorize a gazillion passwords? I can’t do that, my brain will explode! Nervous, ayup. Watching the video really helped with those concerns.

The gist of it is that for each Google app on each device, you create a one-time password that is entered into that device ONCE. You don’t have to remember anything. Lose the device? You can revoke its password from your web browser. This is actually a really nice idea. I like being able to disable my account remotely if needed. Here is what it looks like after you set up a couple accounts for a device.

Google 2-Step Verification

Again, you get the code, put it in the device, and forget it. Problems later? Revoke, or reset with a new code.

Now I wanted to get back to that page with the yellow boxes and the reminders. Hey! It won’t let me! Uh oh, what do I do NOW?!

For reminders 2-3, I bet you can just imagine if you have to have your phone everytime you log in, what happens if you don’t have your phone? Oh. Forget it at home, in your other jacket, at the store, someone stole it … whatever, you are locked out of your email. Oh. Don’t worry, Google expects this and has a back up plan. More on that later.

Well, I did a web search and dug around a bit, so you don’t need to. If you make the mistake I did (which the Google design encourages you to make!), start here:

Getting started with 2-step verification > Help articles › Common issues

Google 2-step verification

This lets you set up a second phone that can receive the text message or voice message in case you lose your mobile.

Signing in with your backup phone
http://www.google.com/support/accounts/bin/answer.py?answer=1188780

It also allows you to set up printed codes to carry with you when you are travelling. Those look like this.

Google 2-step verification

Don’t worry. I immediately reset all the codes right after taking this screenshot, so they won’t work. You can see what they look like, though.

Signing in using backup codes
http://www.google.com/support/accounts/bin/answer.py?answer=1187538

There is another way, but for this you still need your phone. You can try the Google Authenticator app.

Google Authenticator:
http://www.google.com/support/accounts/bin/answer.py?answer=1066447

Last but not least!! If all else fails, log in here to troubleshoot further.

Google 2-Step Verification Account Setup Login:
https://accounts.google.com/SmsAuthConfig

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s