SPRINGFIELD, NJ - A Gmail phishing* attack has been perpetuated on millions of users in which the hacker sends you a fake email with an attachment that appears to come from one of your friends. Clicking on the attachment takes you to a replica of a Gmail login page. Once you enter your login and password, your email account is successfully hacked.

A single step authentication, i.e., using only your password to unlock your account, can be readily compromised by the 'phishing' attacks as described above, enabling hackers to access your account. However, the use of an additional layer of security in form of 'two-step verification' will prevent an unwanted individual to access to your email when your password is compromised.

In these days, it has become an absolute must to set up two-step authentication on all of your email accounts as well as other Internet-based accounts.

Sign Up for E-News

If you are interested in making your Gmail account hacker-proof right now, then skip the discussion below and proceed directly to the 'How to setup two-step verification for your Gmail'.

Two-Step Verification Versus Two-Factor Authentication

Authentication in computers is the process of identifying yourself to a device with an id and a special piece of information that only you can provide, e.g., a password. Unless your password is long and complex, it can be readily decoded by software known as a ‘bot’. Since most people use the same password for all of their Internet activity, once their password is hacked, then, all of their accounts become vulnerable.

There are three types of authentication factors:

Something you know:

Password or a code sent to your phone

Something you have:

A smartcard or a Yubi Key

Something you are:

Fingerprint or your iris print

When two different factors are used to open the door to your account, then it is considered 'two factor authentication'. When multiple different factors are used to open the door, the process is called 'multi-factor authentication'.

On the other hand, when the same factor, e.g., ‘something you know’, is used in two different formats or steps to open the door, for example, password and a code sent to your phone the process is called two-step authentication. You may argue that the code that is sent to you represents a second factor since it is received on a device that you have. However, this argument overlooks the fact that it is the code, ‘something you know’, that is enabling you to access the account and not the physical device that receives this code. Two-step verification and two-factor authentication both offer an additional layer of security that is ten times better than single-factor authentication.

How do you setup two-step verification for your email account?

Two-step verification to access your email account is the preferred security feature that we should all use to secure our accounts against hacking.

We will discuss the simplest way to set up two-step verification for your email. Two-step verification can be used for other Internet email accounts and services such as PayPal, Dropbox, Kickstarter, Mailchimp, Apple, LinkedIn, Evernote, sites powered by Wordpress and many more services.

Here is an example of how to set up two-step verification for Gmail.

Step 1: Open your Gmail account settings by clicking on 'My Account' on the top right hand corner of your email on a browser. (Figure1) 

Step 2: Click on 'Sign-in & Security' on the settings menu. (Figure 2).

Step 3: Click on '2 Step Verification' on the next page (Figure 3). Once you click on 'Get Started' (Figure 4), it will take you through the steps to setup 2-step verification.

Step 4: Add your mobile number on the next page so that Google can send you a code each time you log into your account from a new device. (Figure 4)

Step 5: Once you add your mobile number on the next page, Google will send you a code to your phone as in Figure 5.

Step 6: The next step is to add the code provided in your text message to Google as in Figure 6 below.

Step 7: You are all done and you can now TURN ON two-step verification by clicking on “TURN ON” as in Figure 7.

Setting up this one time 2 step verification process will keep hackers out of your email forever as they cannot get access to your phone. They would need to not only identify your mobile phone number but also intercept the text messages to get to the same code.

There are other alternatives to setup additional precautions that Gmail offers as shown in Figure 8 such as backup codes and 'Google Authenticator App' or 'Yubi Keys' which we will discuss in future articles.

About the author:

Nirupama Mallavarupu is the Founder and CEO of MobileArq, a boutique software company based in Summit, NJ. MobileArq is offering a build-an-app course this winter for high school students. Please check it out at https://mobilearq.com/learn-build-an-app-winter/ . Send support@mobilearq.com any questions you have about the article or the course.