More safety for your Google accounts: two-step password verification

Currently, passwords are the most often used mechanism for preventing strangers from accessing our online data. But passwords only offer limited protection: Many are easy to guess and most people use the same password for several accounts. This explains why, if one online service has been hacked, accounts on other services are often compromised, too. For Google accounts, you can now get additional safety via “two-step verification”.

With two-step verification, you first enter a password and then a verification code. [Source: Google]
With two-step verification, you have two independent means of identifying yourself. You might be familiar with this principle from online banking, where you typically use a PIN to log in and a transaction number (TAN) when you do something important. You obtain the TANs via a non-online channel, e.g. on paper via mail. In the case of Google, you will be asked for a verification code after entering your normal password. The verification code can come from one of three sources, all of which involve a phone; you have the option to only enter the verification code every 30 days.
  1. Spoken to you you via an automated voice call
  2. Sent to you via an SMS
  3. Generated for you via a phone app, on Android, Blackberry, iPhone
It seems like cell phones are bound to play an important role in keeping data and monetary transactions safe. The use of a computing device makes it harder to copy the means of identification. That is, to steal it without you knowing about it. Three negative examples: Credit cards that only have a magnetic strip can be easily copied, credit card numbers can be stolen, and there are various schemes for getting simple n-digit PINs to accounts.

Read more on two-step verification (including safety measures should you lose your phone) in Google’s post “Official Google Blog: Advanced sign-in security for your Google account” [via Marianne Busch].