How It All Works
Every time you sign in to your account, it will require your password. You are using a password manager. But a six-digit code is generated through a text message, the Authenticator app, or approval from the prompt. This way, if someone were to hack your password. They will not gain full account access unless they had your phone.
If they have your password and phone, you’re probably in greater danger than exposing your email. Sometimes, it will be a pain in the neck to type in the code. When you want to quickly access some information. But as an Android user, your account is the central hub of your digital life. Gmail, photos, contacts, work files and Play purchases reside there. Compromising all that data would wreak serious havoc.
Start in your browser
To get going, head to Google’s My Account page, then Sign-in & Security > Signing into > 2-Step verification. You’ll be able to choose among three steps; prompt, authenticator app, or SMS. From the prompt, the app will let you select from any phones you have connected to your account.
After adding a phone, you’ll need to authenticate it once. This will give you a preview of how it works. You’ll get a push alert replicated to Android Wear to approve your requested entry to your account. Approve this request, then you’re in.
Approve the sign-in request then you’re off to the races.
Authentication
Another reliable method is the Authenticator app. This generates a random code that routinely changes so no one else can steal or guess it. Enter the password, enter the code, and then be granted entry to your account.
There’s also an Android Wear app, so you can grab a code straight from your watch. Google makes the Authenticator app for iOS and Android. Some third-party services, like Evernote and Snapchat. Allow you to generate a different code for entry specifically to their apps. When you sign in for the first time. Finally, there’s the SMS method. Google will send a code via text message to your smartphone, then you’ll enter that when prompted. Select a phone number to receive text messages or voice codes when you want to sign in to your account. Select the prompt for 2-Step Verification, then choose a phone number to receive text codes. It will be the default suggestion if you have already connected a number to your account. Otherwise, you may add another number.
Then choose to receive the codes as SMS unless you want to take an automated phone call. The first six-digit verification code will then arrive on your phone. Enter that number on the screen. You are asked to trust this computer. If this is your primary machine, select yes. So you don’t have to go through the two-step process every time you access a service. However, skip this step if you swap around the machine or don’t trust your roommate.
Print Off Backup Codes
As another safeguard. Google will create a list of one-time codes you can use in case you are without your phone. Go into your account settings and click the print or Download button. It then generates a list of ten different eight-digit codes in a small rectangle. And can be printed off and saved in a wallet. Print off backup codes in your wallet or save them as a text file. You can also download them to a text file. Keep it somewhere you can easily access it. If you’re locked out of the account.
App Specific Passwords
You may need to create a one-time password if you connect your account to a non-Android device. Not all services support two-factor authentication. So it generates a one-time-only password to grant access to your account from apps like email or calendar on iOS.
In your account settings, select app passwords, then choose the app platform from the drop-down menus. Customize the app if a third-party app isn’t listed.
If you sell a device or no longer use these services. Head back into your security settings and revoke access to those applications. These steps are well worth it, whatever short-term inconvenience they may cause. Password security breaches are almost daily, so fire up that two-factor authentication to ensure you don’t become the next victim.