I've heard one too many cases of users' Gmail accounts getting hacked, and I think that any web-based email is susceptible. At one point I had considered getting rid of my Gmail altogether, but now that Google has set up two-factor authentication that is free, very well thought out, and easy to use, I don't think that will be necessary.

You DO have to set it up, though, if you have a Gmail account, so listen carefully.

First, what is two-factor authentication? Most users are comfortable entering a password, which could be considered one-factor authentication: the system verifies who you are with a password, and that's it. Therein lies the problem: if your password is stolen or figured out, anyone can authenticate as you.

The second factor in authentication can be anything that ties your account to you. There is a wide range of options when choosing a form of authentication, but Google has made some wise choices by selecting a method that you already have available and that is easily accessible. Also, in the Google world, two-factor authentication is called "2-step verification", so look for those keywords.

For the second step after the password, Google simply sends you a secret code on a device other than your computer, for example through a phone app, a text message, or a phone call. You make the choice when you set up two-step verification. Then you key in that secret code in your browser.

How does that make you safer? Well, presumably, a hacker does not have access to any of your phones, so when the secret code is delivered, he will not be able to authenticate the second step.
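To make the two steps concrete, here is a small sketch added as an illustration; it is not Google's code. The class name, the 6-digit code, the 5-minute lifetime and the 3-guess limit are all assumptions chosen for the example.

```python
import hashlib
import hmac
import os
import secrets
import time

CODE_TTL = 300     # assumed lifetime of a code, in seconds
MAX_ATTEMPTS = 3   # assumed number of guesses allowed per code


class TwoStepLogin:
    """Toy login service: password first, then a one-time code sent out of band."""

    def __init__(self, password):
        self._salt = os.urandom(16)
        self._pw_hash = self._hash(password)
        self._pending = None  # (code, expires_at, attempts_left)

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def step_one(self, password, now=None):
        """Check the password; on success issue a code for the user's phone."""
        now = time.time() if now is None else now
        if not hmac.compare_digest(self._hash(password), self._pw_hash):
            return None
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending = (code, now + CODE_TTL, MAX_ATTEMPTS)
        return code  # stands in for delivery by app, text message or call

    def step_two(self, submitted, now=None):
        """Accept the code only if one is pending, unexpired and correct."""
        now = time.time() if now is None else now
        if self._pending is None:
            return False  # the password step was never passed
        code, expires_at, attempts = self._pending
        if now > expires_at or attempts <= 0:
            self._pending = None
            return False
        if hmac.compare_digest(submitted.encode(), code.encode()):
            self._pending = None  # a code works only once
            return True
        self._pending = (code, expires_at, attempts - 1)
        return False
```

Someone who has only the password gets past `step_one` but never sees the code that goes to the phone, and the expiry, single use and guess limit keep the code from being replayed or brute-forced.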

The only security risk I see here is if someone hacks your account and sets up two-step verification before you do. So if you can, do it now; it doesn't take that long and it's definitely worth it.

More Info on Two-Factor Authentication

Google Support with Video on 2-Step Verification

Nerd is the New Jock

Tech Industry News and Blog