How to set up two-step verification for your Gmail account

It probably hasn't escaped your attention that Google's email service has been suffering on the security front, with the news coming last week that some five million Google account details have been leaked online by hackers.

While Google has tried to play this down, claiming that under two per cent of the spilled address-password pairs are actually currently valid, that's obviously still a worry for the one in fifty people who are affected (assuming Google's assertions are correct, of course).

Incidentally, you can check if you're affected by using this app.

At any rate, incidents like this remind us that it's a good idea to ensure that you have a solid level of security on important services like Gmail (with your Google Account password also providing access to numerous other services, such as Google Drive).

Related: Google plays down Gmail leak

The first thing you can do is ensure your Gmail account has a strong password – we discuss this in our previous article on this subject: How to change your Gmail password.

Once you have a secure password which is unlikely to be cracked or brute-forced, there is a (literal) further step you can take – which is to set up two-step verification. Also known as two-factor verification (or authentication), this is essentially a second line of defence whereby someone logging in must provide a code which is texted to their phone (or sent via the Google Authenticator app).

So even if a hostile party obtains your password somehow, when they enter it, they won't be able to complete the second stage of logging in, as they can't supply the code because they don't have your phone (hopefully not, anyway!).

Here's what you need to do to enable two-step verification:

  • Firstly, sign in to your Gmail account.
  • Click on your name or picture icon, at the top right of the Inbox, and then click on Account.
  • Click on the Security tab.
  • In the Password box top left, along from where it says 2-step Verification, click on Setup.
  • You'll be presented with a screen explaining how the system works. Have a read, and click on Start Setup.
  • Google will ask you for the number of the smartphone which you want to have the verification code sent to – enter this in the Phone Number box. You may have already told Google about your phone number for other account security purposes, in which case, the number will already be entered for you. You should also select how you wish to receive the code – via voice call or text. Most folks opt for the latter for simplicity's sake, but click the button for your preferred option, and then click on Send Code at the bottom.

  • Google will now send you a text with a verification code. It'll probably take five seconds or so to arrive. Enter the six digit code, and click the Verify button.
  • Google then asks if you want to make the current computer you're using a "trusted computer" – in other words, a machine you can access your account with, without requiring a verification code (for convenience, or indeed just in case you lose your phone). It's fine to do this with your home PC that only you use, but be careful about doing so on, say, a laptop which you might take out and about, and which could be stolen. Leave the box ticked if you want to make the current PC a trusted computer, or untick it if not, and then click Next.
  • Onto the last step – you'll be presented with the "Turn on 2-step verification" screen, asking if you're sure you want to go ahead. Click Confirm to do just that – you've now activated two-step verification, and you have a considerably more secure Gmail account.

Finally, Google will ask if you access your Google Account through other apps such as Mail on iOS, and if so, you can click the Reconnect My Apps button to get these working again (you'll need an application-specific password for each one). Or you can do this at a later date by clicking on a link in the confirmation email Google sent you offering congratulations on activating two-step verification.

Don't forget that you can also set up a backup phone for Google to contact, in case your primary smartphone does get lost – you'll be offered the option to do this following the completion of the two-step verification process.