Gmail two-factor authentication

Google has revealed that fewer than 10% of people using Gmail have two-factor authentication active on their account. Most people are relying on just their password to protect them!

So why should anyone be worried about their email getting hacked? A lot of people might say that their email doesn't contain anything of particular value to worry about – but they forget that their email is often the access key to every other service they use online.

Think about all the forgotten password reset forms you've ever filled in. Most of the time, all they require is for you to enter your email address, and then click on a link in the subsequent email they send you.

So, if I have access to your email account, I can start accessing all your accounts: all your social media accounts, all your online utility accounts, and maybe even some of your bank/financial accounts. I can certainly find out a lot of information about you that I could use for identity fraud.

I also have full access to all your contacts, and can approach them, pretending to be you, and try and scam them out of money or information.

So I'd certainly recommend that your email account should be the most secure account you have online – precisely because it's the gateway to all your other accounts.

So what is two-factor authentication then?

Two-factor authentication requires you to enter two pieces of information to access your account. The first factor is your password, and the second is typically something like a 4- or 6-digit code sent via SMS to your phone.

With two-factor authentication enabled, you need to have both your password and a physical device (your mobile/cell phone) to access your account. That makes it a lot harder for someone to hack into your account.

Google makes it even easier to use, in that it offers alternatives to the typical SMS code sent to your phone. You can do your second authentication by using any of these methods:

  • clicking a button on your phone
  • running an authentication code app (useful if you don't have signal to receive an SMS)
  • receiving an automated voice call to your mobile or landline
  • storing a security code on a USB stick
  • having a printed list of codes

And once you have authenticated yourself on a particular computer or device you often don't need to re-authenticate yourself for a month or more – and so it's not that big a hassle.

And to enable it, all you have to do is visit the Google 2-Step Verification site and turn it on. It takes only a few minutes, and could go a long way to securing yourself online.

What about other services?

You can enable two-factor authentication on all major sites such as Facebook, Twitter, Instagram and LinkedIn. Your bank probably forces you to use it, or has some additional security steps to try and protect your account.

And you can visit the site Two Factor Auth to find out which of the online services you use have it available.