It pays to be as security-conscious as possible with online accounts. Here we show you how to get started with new Google safety measures to protect your email and documents.
Millions of people have a Google account and this makes them a prime target for criminals hoping to sell your valuable personal information. It's crucial that you have a strong password, and not one that's easily guessed. Ideally, your password should contain a mixture of upper- and lower-case letters, numbers and punctuation.
Passwords can still be broken with the right tools, though. Google is well aware of the threat and has introduced a second layer of security called 2-step verification. After enabling this extra security, you'll need both your password and a unique code to log into your account. This code is sent to you in a text message or voicemail – something that the hackers are extremely unlikely to be able to access.
Enabling 2-step verification
To enable 2-step verification, sign in to your Google account from the usual web page – it doesn't matter which service you're using as Gmail, Google Docs and YouTube all link to one account. Enter your username and password and then on Account Settings, which can be found in the menu that appears when you click on your user name.
In the Security section you'll see that 2-step verification is off. Click Edit to enable it; you may be asked to re-enter your password. Select the country in which your phone is registered and the number itself. Next, choose whether you want to receive the codes via text or voice message – you can change this option later.
It's best to enter a mobile phone number rather than a landline or Skype number. Under no circumstances enter a GoogleTalk number as you'll end up locking yourself out of your account as the code will be sent to Google Voice which is only accessible after you've logged in.
Click the Send verification code button and you should receive the code on your phone almost instantly. Enter this in the box and click Verify. It's worth ticking the box to remember the computer you're using since you won't be asked for a code every time you sign in for the next month. Finally, click Turn on 2-step verification and you'll be taken back to the Account Settings page.
You won't be asked for a verification code for the next 30 days unless you log into your Google account on another computer or device. Remember that you may be asked to enter a verification code for each Google site you use. Only tick the ‘Remember this computer for 30 days' box if you have sole use of the computer – or trust the other people who use it.
If you have a compatible smartphone, you can install Google's Authenticator app. This generates codes so you don't need a phone signal or data plan to receive a text or voice message. The app is available on Apple's App Store and the Android Market BlackBerry users should go to http://m.google.com/authenticator to download and install the application.
Bear in mind that you'll still need to enrol your phone number as part of enabling 2-step verification to use Authenticator. Don't forget to click on the relevant link on the settings page for your specific device type – follow the instructions to link your handset to your Google account. iPhone users can scan the QR code while BlackBerry owners will have to enter the key manually.
Once this process is complete, you can use your phone to quickly get a code whenever you're asked as you sign into your Google account.
Not all Google services use verification codes, so you'll need what Google calls application-specific passwords to log into certain ones. For example, Google Calendar, GoogleTalk, Picasa and Sync all require a special password in addition to your normal password. These services will provide a link to generate an application-specific password, or you can browse directly to the ‘Authorising applications & sites' page which is in the Security section of your Google account settings.
Simply enter the name of the application and click the Generate password button and copy the text that appears and paste it into the box of the application asking for it. It doesn't matter about the spaces: these are ignored. You won't have to memorise or write this password down as it can be used only once – you'll only need to generate a new one when you first use an application or site that you haven't already signed into using 2-step verification. If you need to, you can revoke access to one of these applications by clicking the link next to the program in question in the list at the bottom of the page.
Occasionally, it won't be obvious that you need an application-specific password. For example, if you try and configure Gmail on an iPhone it will appear as if your usual password is incorrect as you'll be unable to log in. What you need to do is generate another application-specific password and type it in when you see the ‘password incorrect' message to verify your account on the device. This is because application-specific passwords replace traditional passwords rather than complementing them.
Although 2-step verification makes your account almost impossible to hack, it can also prevent you from logging in if you lose your phone and can't get codes. For this reason, you should enter a backup phone number on the settings page and also print some backup codes. You can carry the latter with you to ensure that you can always log in even if you can't use your phone for any reason.
If you want to disable 2-step verification you can do so on the settings page. You'll be asked to enter your usual Google password and possibly a verification code. Click Turn off 2-step verification and then confirm the action in the pop-up window that appears. Be sure to revoke all application-specific passwords as well to return to using standard passwords with other services that don't use 2-step verification.