What is Multi-factor Authentication?
The basic idea is a system that asks for more than just a standard username and password. You have to provide that information through a variety of possible channels. It depends on the provider and how they implement this. Some will email a code, others will text you and may require a text reply, others use a smartphone app, or even give you a phone call to deliver a code.
Why Enable Multi-factor?
Having multi-factor authentication configured with your email is really a must have. Let's go through a scenario. You forget your financial website password. Asking for a reset sends an email to your inbox with a link you can reset your password with. In fact, many systems all work this way. Your Netflix account resets with an email. Twitter, LinkedIn, Facebook, all email password reset links. What if someone had access to your email? They just obtained the ability to reset passwords of numerous other services and take over or access even more personal information. They practically have the keys to the kingdom.
Today we'll go over how to turn on Google's multi-factor authentication component along with important considerations.
Where to Start
There are a number of settings with Google. Don't be discouraged in attempts to find it. You've got signatures, Google Docs to deal with, and all sorts of other roads that can lead you to frustration. I'll try to make this simple with a few links and directions on where to click.
Go here and login. Then click the box titled "Sign-In And Security".
On the left column you'll see a set of menus. Find the one labelled "Sign-in and Security". (If you want to skip a click pick "Sign In to Google" instead.
Click "Sign In to Google" which is found on the left column under "Sign-In And Security".
Adjusting Your Settings
On the right side of the screen you'll see Account Recovery Options with email, phone, and security question. I'd highly recommend setting these in case you do need to recover access to your account. It gives you some other emergency options in case something happens. One example? Your phone breaks: no more multi-factor authentication for Gmail, just like that.
Now that you have those settings configured select:
2 Step Verification
Under this area is where you configure you phone, and optionally you can load the Google Authenticator App on your phone which I recommend. You also have the option of getting backup codes. "Why use the Authenticator App and what is with these backup codes? Am I launching nukes?" I'll give you something to consider. If you travel to other countries and may not have cell service, or you're somewhere with spotty cell service, a text may be hard to come by. The Authenticator App lets you verify while on any sort of wifi you can connect to. You can also configure it to let ask you to simply press 'Yes' when authenticating instead of putting in a code. As for the codes? Remember when we talked about your phone breaking? I know, we don't want to think about that. But let's face the possibility with bravery. One example: codes could be printed and kept in your wallet in case of emergency. I'll leave it up to you.
Congratulations! With Multi-factor authentication configured you're much less susceptible to being hacked and having your email being used to send out nasty grams with infected content to all your friends and family. Also your extended accounts which use your email as a reset safety net are in a safer state. If you have questions leave a comment and I'll get back to you.