Google is offering customers a second layer of protection when logging into their accounts. The idea is to have another line of defense if a user’s password is swiped. So what, exactly is the search engine leviathan doing, and what should consumers know about it?
The announcement was rolled out on February 11, in a blog post by Nishit Shah, product manager for Google security. In the post, Shah walks consumers through the two-step verification and explains the process. He says it should only take 15 minutes to complete and should help add an extra layer of protection against identity breaches.
“Your Gmail account, your photos, your private documents—if you reuse the same password on multiple sites and one of those sites gets hacked, or your password is conned out of you directly through a phishing scam, it can be used to access some of your most closely-held information,” he writes.
“As we announced to our Google Apps customers a few months ago, we’ve developed an advanced opt-in security feature called 2-step verification that makes your Google account significantly more secure by helping to verify that you’re the real owner of your account,” he adds. “Now it’s time to offer the same advanced protection to all of our users.”
[Related Article: FTC "Do Not Track" Proposal: Q&A With A Privacy Advocate]
Step one is to check Google’s account settings page. If you don’t see one already, Google will place a new link on the page to get you started. Shah says that one of Google’s ubiquitous set-up wizards will walk users through the registration process. You’ll need two independent keys for authentication – Shah uses a bank website password and numerical code as an example.
According to Shah, here’s how to set up the verification account:
- Once you enable 2-step verification, you’ll see an extra page that prompts you for a code when you sign in to your account.
- After entering your password, Google will call you with the code, send you an SMS message or give you the choice to generate the code for yourself using a mobile application on your Android, BlackBerry or iPhone device.
“When you enter this code after correctly submitting your password we’ll have a pretty good idea that the person signing in is actually you,” Shah writes.
How does the two-step verification keep hackers away? Google says that the added security comes from two paths: your Google account user name and password, and your phone number.
[Consumer Resource: 12 Steps for Protecting Your Identity]
It looks like a pretty easy process but if you run into any roadblocks, visit the Google Help Center and they’ll walk you through it.
If you’re an avid Google account user, it’s worth the effort. You can’t put a price on your personal identity portfolio.
But an unscrupulous, crafty hacker can.
Image by Robert Scoble, via Flickr