Last year, Google introduced a two-factor authentication system which requires users to enter a verification code that appears on a mobile device in addition to a regular password while logging in. The extra layer of security makes it harder for hackers to brute force their way into a Google Account, however this feature was only available to Google App Premier, Education, and Government customers. Starting today, the two-step login system is available to all users.
To enable this feature, Google users can head to their Account Settings page and proceed through a quick set-up wizard. There is even an option to select a backup phone in case your primary device is lost or stolen. Once ready to go, an additional dialogue prompts users for a verification code while logging in. Google calls or sends an SMS with proper code after entering the proper password. There are also mobile apps for Android, BlackBerry, and iOS devices to avoid wasting minutes or text messages.
It’s an extra step, but it’s one that significantly improves the security of your Google Account because it requires the powerful combination of both something you know—your username and password—and something that only you should have—your phone.
Google offers an option to only require mobile verification every 30 days, however we highly discourage going about that route. Although it might be frustrating to waste a few seconds each time you want to get to your email or calendar, it is even more painful to recover compromised data.
I tried to enable this feature on my personal Gmail account and a Google Apps work account, but it was not available for either yet. After heading through some help documentation, I found that Google will push the updates out to all customers over the next 2-3 days. If you have this feature working already or ran into any issues, feel free to let us know in the comments.
Links: Google Blog