A strong password is crucial to account security, but it’s not impassable. Many common actions leave you vulnerable; including using the same password on more than one site, downloading software, or clicking on links in email messages. Once your password is stolen, a hacker can access your email, contacts, photos and documents. They can pretend to be you and send out harmful emails, lock you out of your account, delete all of your data and/or reset passwords on things like your banking accounts.
Since journalists are frequent hacking targets, it’s important to secure your account with the best tools available. Google’s 2-Step Verification can help keep hackers out, even if they’ve acquired your password.
When you use 2-Step Verification, signing in to your account will work a little differently.
- You'll enter your password. Whenever you sign into Google, you'll enter your password as usual.
- You'll be asked for a second step. Then, you’ll need to enter a code, which you’ll receive on your phone via text, voice call, or our mobile app. Or, if you have a Security Key, you will insert it into your computer’s USB port.
With 2-Step Verification, even if a bad guy hacks through your password layer, he would still need your phone or Security Key to get into your account.
First, we’ll show you how to use phone-based 2-Step Verification, so you can protect your account right away. We’ll cover Security Keys later in the lesson.
To begin installation, log in to your Google account as you normally would and click My Account.
Select Sign In and Security > Signing in to Google.
Under Password & sign-in method, you can see that it says 2-Step Verification: Off.
Select that link, then click Get Started to begin.
You should now be looking at your Google sign-in page. Enter your password again to get to the next page.
Now, you can enter a phone number to receive verification details and choose whether you want the code via text or voice call.
You’ll get a code delivered to confirm that the system is working.
Next, you’ll confirm that you want to turn on 2-Step Verification.
Once it’s enabled, the next time you sign in, Google will ask you to enter a passcode to verify your identity.
You can ask Google to trust your machine by checking Don’t ask again. From then on, that computer will ask only for a password and not a verification code during sign-in.
While you may be familiar with verification codes sent via phone, fewer people know about Security Keys. A Security Key is a small, physical device used for signing in that plugs into your computer's USB port. Advantages include:
Better protection against phishing. Even with the phone method of 2-Step Verification, you are still vulnerable to sophisticated attackers who can forge Google lookalike sites that ask for your verification codes. A Security Key uses cryptography instead of verification codes and automatically works only with the website it's supposed to work with.
No mobile connection or batteries needed. Security Key works without a data connection, and you can carry it wherever you go on a keychain or in your wallet.
You can choose either a phone or Security Key as your primary verification method.
You can easily purchase a Security Key online -- just be sure you choose a device that is compliant with the open standard called “FIDO Universal 2nd Factor (U2F).” Before you can use your Security Key, you’ll need to register it to your Google Account so that you can use it to sign in on any computer.
In the 2-step verification section of your account, go to Add a Security Key.
To sign in, tap or insert the key when prompted. You won’t need to re-type codes from your phone.
It’s a good idea to register more than one Security Key to your account, in case you lose one.
No matter which primary verification method you use, you’ll want to set up at least one backup option so that you can still sign in even if you don't have your phone or Security Key. No matter what you choose, you’ll feel confident knowing your account is both secure and accessible when you need it.
For more information, visit the 2-Step Verification site.