Gmail Account - 2-step verification

[neil154]

I would appreciate it if someone could give me a better explanation of the 2-step verification process which is better than explanation provided by Google.

I understand that I enter my email address and password as normal, then I will enter a code which they will send me to my phone and then when I will have to enter the code for login.

Do I get a new code evert login?
Do I do it only once and then I enter everything as before but I have to include this same code every time I login?

Would appreciate a more detailed response before I activate it. Also, If I activate it and do not like it can I switch back to normal?

 

[B. Diddy]

If you are logging into computers you haven't designated as trusted, then you will have to enter a new (and different) 2nd step code every time, which is either sent to you on your phone as a text message or is generated by the Google Authenticator app (which is a much easier way to go, if you have a smartphone).

When you log into a non-trusted computer, it will always give you the option to trust that computer, so that future logins will not require the 2nd step. Make sure this is a computer that has a low chance of falling into the wrong hands.

Where it gets tricky is that some Android apps aren't yet compatible with 2 step verification, like YouTube (at least, it wasn't when I first linked it to my Google account). For these apps, if you want to link to your Google account, you have to generate a one-time Application-specific Password. So let's say you want to link your YouTube app to your Google account. You have to:

1. Go to Settings/Accounts & sync, tap on YouTube (or tap Add Account and select YouTube),
2. When prompted to log in, enter your Google user ID, but instead of entering your usual Google password, you have to enter a one-time randomly generated password at your Google account website.
3. It's best to do this part on your desktop. On any Google page where you're already logged in, click on your account picture, then click on Account. On the left column, click Security. Scroll down, and under "Connected applications and sites," click "Manage access." Enter your usual Google password to continue, then scroll all the way down to the section for Application-specific Passwords.
4. Enter the name of the app that you're trying to link, just for reference. A long string of letters will pop up next--this is the one time password that will allow you to log in and link the app to Google. Don't worry if you mess it up--you can always erase it by clicking on Revoke afterwards, and you can generate new passwords any time you want for the app. But you really only have to do it once, because once it's done, you don't have to repeat the process (unless you remove the account from your device).

Complicated, I know. But the added security is worth it.

 

[neil154]

B Diddy - thanks for such a good response. You covered most things that I would be concerned about but I would like to get a little more information. If I do not like the 2 step can I get rid of it. Also, how does the 2 step process work with my S3, is this any issue. Lastly, as you said you must be careful about "trusting" a PC. If I trust my laptop or phone and either one is lost or stolen is there a process to untrust that device?

Thanks for all your help.

 

[B. Diddy]

You can easily get rid of 2 step verification by going to your Account/Security menu on your desktop, clicking on Settings under "2-step verification," and turning it off from there. You can also choose to "Forget all other trusted computers," so that's how you'd untrust a stolen computer.

To be honest, I can't remember exactly how I set up my phone with 2 step verification, but it wasn't hard at all.

 

[neil154]

Thanks for all the information, I will definitely give it a try

 

[anon(847090)]

You can easily get rid of 2 step verification by going to your Account/Security menu on your desktop, clicking on Settings under "2-step verification," and turning it off from there. You can also choose to "Forget all other trusted computers," so that's how you'd untrust a stolen computer.

To be honest, I can't remember exactly how I set up my phone with 2 step verification, but it wasn't hard at all.

Thanks for all the information, I will definitely give it a try

to setup android using 2 step authentication you have to create a application specific password. the usual password wont work
when the login page appears type your email id and app specific password. you can also revoke the app specific password(in web) if your phone got stolen and that phone wont have access to your google account

 

[neil154]

Thanks for the additional information

 

[BHBandit]

Make sure you remember all information you sign up with and definitely save. I didn't do that and changed phone number and lost everything. Apps, music all of it. Because I can't retrieve code from old number.

Sent from my HTC6435LVW using Android Central Forums