Google has finally rolled out its new 2-Step Verification service to my account, and presumably everybody else’s in Australia. This is a great step towards securing our online presence and personal information, especially our email.
How does it work? After signing up for the (optional) service, every log in thereafter will require both your password and a special code that Google will SMS to your mobile phone, not unlike the Commonwealth Bank’s Netcode SMS feature. This SMS code is randomly generated at the time of sending and valid only for your Google account. Thus, nobody can sign in without access to both your password and your mobile phone. For convenience, you can also tell Google to remember your login for up to 30 days on a particular computer, like the traditional “Remember Password” feature.
Google also has POP3/IMAP and OpenID covered. For any services that don’t support 2-Step Verification, “application specific passwords” can be generated and used in lieu of your account password and SMS code. You can generate as many of these as necessary, so I recommend using one for each service.
Overall, I’m pretty impressed with the new 2-Step Verification. It’s straightforward to use and adds a great additional layer of security to my account. It’s no excuse to get sloppy with passwords, but I think I can be confident that my account is now significantly more difficult to compromise.
You can sign up for the service by logging into your Google account, visiting the My Account page and selecting “Using 2-Step Verification” from the Security menu.