Google E-mail Accounts 2-step Verification
|
Could someone be reading your Gmail?
It is time to protect your email account. Google's Gmail has a great solution. Google is now offering improved security for its email users. It is important to secure your email accounts. The new 2-step verification method offered by industry leader Google is the answer.
The new 2-step verification method offered by industry leader Google is the answer.
The information provided below is courtesy of Google for your internet protection and is free:
Please see the original article at http://www.google.com/support/a/bin/answer.py?answer=175197
These articles are for Google Apps Administrators. End users should see Getting started with 2-step verification.
| Overview | Setup | Mobile, Desktop, and API | Troubleshooting |
If you are not a Gmail user now go and create an account at:
https://accounts.google.com/NewAccount?service=mail&continue=http://mail.google.com/mail/e-11-114e175e45da8034d21fae34636c1e-a03d2c11ae3e299364a9e999677f91151cc3ab16&type=2
2-step verification adds an extra layer of security to your users' Google Apps accounts by requiring them to enter a verification code in addition to their username and password, when signing in to their account.
The Google Apps Service Level Agreement does not apply to any services used in connection with 2-step verification if the verification process relies on third-party voice or data providers to deliver the verification code.
Why should I enable 2-step verification for my domain?
2-step verification helps protect a user's account from unauthorized access should someone manage to obtain their password. Even if a password is cracked, guessed, or otherwise stolen, an attacker can't sign in without access to the user's verification codes, which only the user can obtain via their own mobile phone.
Requirements
- A mobile phone that can receive the verification code via text message or phone call. See how to view the list of supported countries.Or
- An Android, BlackBerry, or iPhone. These devices use the Google Authenticator mobile app to generate the verification code.
- Note: 2-step verification can't be used for accounts using a SAML single sign-on service (SSO). See SAML SSO Service for Google Apps.
- 2-step verification is only available in US English in the next-generation version of the Google Apps administrator control panel. See Current vs. Next generation control panel for more information.
Note: If you're an API developer using ClientLogin authentication, read API Developers before enrolling in 2-step verification.
How it works
- You enable 2-step verification for your domain in your Google Apps control panel. See Setup 2-step verification for your domain for how to enable 2-step verification for your account. We recommend that you notify your users of this new security process and include instructions on how to get started.
Note: You can't force your users to use 2-step verification, they must opt-in themselves.
- The user enrolls in 2-step verification, and selects the method for receiving their verification code on their mobile phone: the Google Authenticator app, text message, or phone call. How quickly they get their code via text message or phone call depends on their service provider and location. We recommend users with smartphones to use the Google Authenticator app which can generate codes without a network connection.
See Set up 2-step verification for your Google Account.
- If this link doesn't take you to the 2-step verification page, you need to follow these steps:
- Sign in to your Google Apps Gmail Account and click Settings (in the top right corner).
- Under the Accounts tab, click Google Account settings.
- Under Personal Settings, click Using 2-step verification
- Follow the steps in the 2-step verification guide to set up 2-step verification.
Administrators can point users to Getting started with 2-step verification for step-by-step instructions.
- If this link doesn't take you to the 2-step verification page, you need to follow these steps:
- The next time the user signs in to their Google Apps account on a new browser or device, they enter their username and password as usual. They're then prompted with a second page to enter a verification code. When your user checks Remember verification for this computer, they're only prompted to enter a verification code once every 30 days per browser or after deleting their browser's cookies. Your users should not check this if they're at a public or shared computer.
- Depending on how they opted to receive their code, the user gets their time-based, one-time code from the Google Authenticator app on their smartphone or via text message or phone call. They then enter the code to successfully sign in.
- If a user loses their phone, they can use backup codes to sign in. See Signing in using backup codes.
Signing in to mobile devices with application-specific passwords
Once your users enroll in 2-step verification, they may need to use application-specific passwords in addition to their verification codes. For installed applications that don't have a 2-step verification field, your users will need to enter an application-specific password once per device or application in place of their regular password to access their Google Account.
Common devices and applications that require application-specific passwords are: Gmail and Google Calendar on Android-based phones, ActiveSync for Windows Mobile and iPhone, and IMAP clients such as Thunderbird. See Sign in to mobile or desktop apps for more details.
Remember that good security practices are critical to the integrity of your user's Google Account. Learn more at Keeping your account secure.
IMPORTANT: Backup Options Once You Have the 2-Step Security in Place
What happens when you lose your phone? Or travel without phone access?
Get some backup codes, or add a backup phone number at:
https://www.google.com/account
IMPORTANT: What to Do If Some Applications Stop Working
Some applications that access your Google Account might stop working
when you turn on 2-step verification. Examples include:
-Smartphones (e.g., Android, iPhone)
-Mail clients that use IMAP/POP (e.g., Outlook Express or Thunderbird)
-Chat clients (e.g., Google Talk)
-Picasa desktop application
To get these applications working again, you will need to generate a
new application-specific password, and then enter it into the password
field of your application. To get started or learn more, please visit:
https://www.google.com/account
To review or change your 2-step verification settings, visit:
https://www.google.com/account
To learn more about 2-step verification, visit:
http://www.google.com/support/
If you have questions about how 2-step verification works or want information about additional
steps to keep your account secure, you can learn more at the Help Center:
http://www.google.com/support/
