Turning on 2-factor authentication for Gmail

I recently turned on 2-factor authentication for my personal Gmail account. I have had it on for my Foursquare account for quite some time for security purposes, but I never thought about turning it on for my personal account. After reading this account via Wired of Mat Honan losing almost everything, I decided to take the plunge.

Since I already had 2-factor on for work, it was not that complicated to make the switch.

I highly advise getting the Google Authenticator app if you are going to do this, as it makes having the codes necessary for logins much easier. The app also handles multiple logins very easily.

The biggest challenge is setting up apps that use your Gmail authentication every day. For me these were:

  • iPhone mail + cal
  • Chat
  • Browser sync
  • Browser mail
  • And a handful of others

Each app that you have authed in the past or need ongoing access to needs an application-specific password. This sounds complicated and Google does not make the process easy, probably because once it's done you never go back to this complex settings area. The benefit is that you can immediately control app-specific access to your Gmail account.

The truth is that my Gmail is essentially a gateway into the rest of my identity. I was amazed at how long I went without two-factor authentication for Gmail. Along with the typical security controls in place which monitor your account in the background, this is (in my opinion) a necessary step for anyone that has much of their identity tied to a Gmail address.

The added security comes at some time cost, as you need a 6-digit PIN when you use a new machine to log in for the first time. If you have your phone handy with the app you should be all set. You also get the option to print out a set of codes for backup. It’s kind of a nerdy set of your own special codes but worth it if you need them.

All Google-related login products will require the 6-digit code, but again it's worth it.

  • http://twitter.com/itsmejon Jon Steinback

    I totally agree. The one circumstance where I get nervous is the international travel case (when I don’t always have my phone on me). What I usually end up doing is creating back-up codes, printing them, and also emailing them to a friend I’m traveling with (in case my printed-out copy gets lost). Backups for backups for backups.

  • http://spencerfry.com/ Spencer Fry

    I’ve been using two auth on Google for a while. Equally as important, you should look at setting up 1Password for all of your stuff. I use it now and you can’t beat a password such as the ones they generate e.g. E^8AEEMnvyE+jgZkKvoLTz9cki.

    I’ve also set up two auth on Dropbox and GoDaddy. You should do the same!

  • http://www.ericgfriedman.com/ Eric Friedman

    I didn’t think about 2-factor with Dropbox, but that is a no-brainer! I will do the same with GoDaddy but my domains are locked.

    I recently switched to 1Password after years with another software. I bought it recently too as part of the productivity sale at Apple. It's amazing software and I actually sync it with Dropbox and can now access anywhere on the web (which was its downfall in the past).

  • http://www.ericgfriedman.com/ Eric Friedman

    The backup printed codes feel like nuclear codes to me. #spygame

  • http://spencerfry.com/ Spencer Fry

    Yeah. I love the Dropbox sync. I’ve also got it on my iPad and iPhone. The only annoying bit is when a cookie expires on the iPhone and you have to go into the app and copy it. Not a huge deal, but still a bit of a pain.