You can use a Google account to login to Gmail, Google Calendar, Google Docs, and dozens of other Google services — but you can also use it to login to third party apps such as online office suites, news readers, and more. That means if someone manages to obtain your Google account info, not only can they access your email, pay for goods using Google Checkout, and generally wreak havoc with your life. They might also be able to access your data on services that aren’t maintained by Google.
Today Google announced something that can help protect you: 2-step verification.
Here’s how it works. Once you opt-in, you’ll need your username, password, and a unique code to login to Google. That code is constantly changing, which means that even if someone gets your username and password and your security code from half an hour ago, they won’t have enough information to access your account.
Of course, Google still needs to make sure you always have the latest code so you don’t get locked out of your account. To do that, Google uses your phone. When you want to login, Google can either send you a text message or you can use a mobile app called Google Authenticator for Android, BlackBerry, or iOS.
Once set up, in order to login you’ll enter your username, password, and a 5 to 8 digit code that you get from your phone. You can either enter this information each time you login, or you can tell Google to keep you logged in on for up to 30 days on your computer.
For third party applications that use your Google account information, Google will generate 16-digit application-specific passwords since most of these apps don’t currently support the 2-step verification service.
This is all optional, but it’s definitely a smart way to protect your data. You’ll probably also want to give Google a second phone number in case you somehow lose your phone and someone steals your password.
2-step verification has been available for Google Apps customers since September, but starting this week Google is rolling the security feature out to everyone. Once the feature is available for your account, you should see a “using 2-step verification” link in the settings on your Google Account Settings page.