You can’t be too careful online these days. The previous year itself saw multiple cyber-security breaches across the globe: Hillary Clinton’s campaign coming to a floundering halt due to leaked emails; financial sites eBay, Bitcoin, Netflix, KFC losing millions in cyber-attacks; and hundreds SnapChat, LinkedIn account info stolen by phishing scams. Over half a billion Yahoo accounts were hacked in 2014 but it only became public last in September. Initially thought to be the world’s biggest security breach, it was soon overshadowed by another revelation, one involving more than a billion Yahoo accounts, breached way back in 2013.
So how do hackers hack your accounts? They scheme, they lay traps, they try to sneak in your system, they try to guess your passwords, but you only make it easier for them by not taking a few simple steps. Sometimes, hackers simply try out a list of common passwords and get in! Remember that this list is run by a computer program (say 300 billion attempts per second). So the first step to staying safe online is to pick a strong password and change it every once in a while.
Apart from a strong password, a very good way to boost your cyber security is to enable 2-step Verification or 2-factor authentication.
This system very similar to a bank vault. Instead of just one password, now you need two keys to access your account: your regular password; and a second key, a 6 digit verification code sent to your mobile phone.
Setting up 2-Step Verification for Google Account on Android Devices
- Open Settings
- Scroll down and select Google
- Under Account section, select Sign-in & Security
- Select 2-Step Verification
- Scroll down through the introduction, select Get Started
- You will be asked to enter your Google password
- In the next screen, you will be asked to input your phone number along with the respective country code. There is also a provision to choose between a text message and phone call as the preferred way to get your codes.
- After a sample call (or a message) you can turn on 2-Step Verification.
Now you will be presented with a range of alternative second steps to set up, in case you cannot access your phone or are unable to receive calls or SMS. You can choose one or more of these.
- Backup Codes: This is a list of single-use codes which you can download as a .txt file, print and carry around in a safe but accessible manner.
- Google Prompt: Instead of typing in the six digit passcode, just tap yes in a prompt on your phone. Select one of your enlisted devices. The selected device must have a screen lock for security.
- Authenticator App: Available for iOS and Android, this app generates verification codes, even when the device is offline. Sign into your account from your PC, Open My Account and under Sign-in & Security select Signing into Google. Select 2-Step Verification; you will be asked to re-enter your password. Select Set-up under Authenticator App. Select your mobile platform. A barcode will appear. Download the Google Authenticator app in your phone from Play Store. Tap Begin, select Scan a barcode. Scan the barcode on your PC screen. Click next on your PC and enter the code displayed on your mobile. This completes the setup.
You may also like: How to Remove or Sign Out of Google Account on Android Devices
*IF you cannot scan the code, you can alternatively use a password instead.
- Security Key: this is a physical device (not unlike a pen-drive in appearance) which can be plugged into a PC USB port for authentication. It is more secure than typing in security codes sent to your mobile, as some attackers might set up visually similar sites to trick you into giving them the code. However, this device doesn’t work with mobile devices or any web browser other than Chrome (v40 or above).
Although 2-Step verification is more secure, it also is more tiresome, especially if you use the same computer to log into your account multiple times. So there is a provision to add a PC as a Trusted Device while signing in. Simply check the box “Don’t ask again on this computer“. You can manage all you trusted devices from the 2-Step Verification page under Signing into Google.
Some apps and devices, like Outlook, iOS 8.3 or below, cannot use 2-Step Verification System. For these situations, you may use app passwords. On the Signing into Google page, select App passwords. You will be asked to re-enter your Google password and verification code to open the App Passwords page. Then select the name of the required app the device it is running on and select generate. These are one-time passwords, hence there is no need to memorize them at all. You can also revoke and reset your passwords from this page.