2-Step Verification for Gmail

If you have a Gmail email account, you may recently have received an email about 2-step verification (2SV). It's the same thing as the multifactor authentication (MFA) that Microsoft talks about, and it's designed to solve the biggest remaining source of risk for your account security - human error. 

Both Microsoft and Google have extremely good security these days. By far the most common and effective method for scammers to get hold of login details is by asking users for them via scams and phishing emails. While most users are now clued up about these generally, the reality is that everyone is occasionally tired or distracted and that's when scammers are most likely to succeed, sometimes with disastrous consequences for the user. Every client we have had come in recently who has fallen victim to a scam has said very clearly that they know about this stuff, and they just missed it this time because of some extraneous factor like being in a rush or having something else on their mind. 2SV/MFA is designed to solve this problem.  

How does it work?

MFA or 2SV is a third step to logging in to an account (such as email or your Microsoft account) which requires you to confirm that it is you attempting to log in, using a code or an authenticator app on your phone. The idea is that a scammer may have tricked you into providing your login details, but they're unlikely to have also stolen your phone. You won't be required to verify your login every single time, but you will on a new device on which you haven't logged in before, or perhaps if you're in a new location far from home, and then just occasionally on your normal computer and in your normal location. This is because a scammer is likely to be using a different computer from a different location, so those logins have been identified as being higher risk. The increase in protection using these systems is significant, so we certainly recommend enabling this on your email account, whether it's a business or a personal account. In fact, both Microsoft and Google (Gmail) are soon going to be insisting on it.

So how do I set it up?

You can use the instructions in the email sent to you if you've received one, or follow these steps:

  1. Sign in to your Google Account (or open your Gmail email page if you have it bookmarked and the password saved).
  2. Click on your account in the top right corner; you might see a tiny picture of yourself, or it could be your initials.
  3. Click on Manage Your Google Account.
  4. Select Security from the left-hand menu.
  5. Scroll down a bit to the section Signing in to Google.
  6. Select 2-Step Verification and follow the instructions. 

If you're a regular YouTube user you may have the option to verify through YouTube. It's entirely your choice but I prefer to use texts to my phone. I feel like that might be more secure in general as people could have the same password set up for YouTube as they have for their email, which would undermine the effectiveness of 2SV. However, one potential drawback of using your phone is that people sometimes change phone numbers and that could impact on access to your account. If you're like me though, and so attached to your phone number that you would take it with you to another phone, then the text notification makes sense.