How to Make Your Google Account More Secure

By Paul Mah | Posted August 30, 2012

It seems like every other month a major online service has its password database stolen, starting a new ripple effect as hackers try out the compromised passwords on other online services. While the obvious solution would be to stop using the same password on different websites, two-factor authentication is a viable and far stronger alternative.

If you use Gmail and other Google services, you'll be glad to know that you can use two-factor authentication for your Google Account. In this article, I describe how to enable it and outline some considerations below.

Set Up Two-Factor Authentication for Google Accounts

To enable two-factor authentication, go to your Google Account and click on the Security link. Enable the 2-step verification option, and the system will proceed to walk you through setting up a preferred method of receiving the one-time second-factor codes: This can be a mobile phone number or the Google Authenticator app running on a supported smartphone.

The latter option is probably preferred if you often find yourself at locations with poor or no mobile coverage, though Google allows you to set up both methods. Once you enable 2-step verification, Google will ask you for a verification code when you log into its services.

Application-specific Passwords

Keep in mind that many connected apps and services now link to your Google Account. This could range from other Google services such as Google Drive and Google+, to third-party services such as LinkedIn and Klout. You don't need to do anything with services that are compatible with 2-step verification, as existing services will start pre-enabled. Note that you can opt to revoke access to specific services by clicking on Manage application-specific passwords and then clicking on the appropriate Revoke Access button.

Unfortunately, not all services support 2-step verification at the moment. To support these apps without compromising your security, Google lets you create unique passwords for each service under the Application-specific passwords section. This helps limit the damage in the event of a password breach for any one service. Setting this up is easy: Simply type in a name for each service and click on the Generate password button. You can also revoke specific services here at any time.

Additional Security Considerations

In the event that you lose access to your primary device for receiving one-time codes, Google lets you configure additional phone numbers in advance. For example, you can set up additional backup phones to receive the one-time codes. You can also generate up to 10 backup codes that you can print and tuck into your wallet or save as a file on your computer. You will certainly want to do this if you use your Google Account for business.

Finally, it is possible to set up a trusted computer so that you don't get asked for a verification code every time you attempt to log in. For security purposes, you can revoke permissions assigned to a trusted machine at any time by clicking on the Edit link next to the 2-step verification status under the Advanced section.

Setting up two-factor authentication for your Google Account is not difficult, though it does involve an initial setup and a bit of patience to configure application-specific passwords for third-party services. However, Google made commendable efforts to make the transition as seamless as possible, and the improved security is certainly worth it.

Paul Mah covers technology for SMBs for Small Business Computing and for IT Business Edge. He also shares his passion for and knowledge of everything from networking to operating systems as an instructor at Republic Polytechnic in Singapore, and is a contributor to a number of tech sites, including Ars Technica and TechRepublic.
