How to Set Up Your Gmail to Use Two-Factor Authentication

Recently, there have been many attacks on applications that use single-factor authentication, such as Twitter and Tumblr, and it is about time for us to emphasize setting up our Gmail accounts with Two-Factor Authentication, also known as 2-Step verification in Gmail terminology. If you missed that part of my blog, you can refer back to my explanation of Two-Factor Authentication. In short, 2-step verification is a process where, during login, you are required to submit a six-digit code sent by Gmail to your cellphone in addition to your usual username and password.

Features of Gmail 2-Step Verification

Gmail 2-step verification gives you two-factor authentication, another layer of security in your login process. The six-digit code that Gmail sends you can last for at least 31 days, which is about a month. Hence you can save the six-digit number on your computer so that you don’t have to ask for it again the next time you log in to your Gmail account, until 31 days later. If you do not want to save your six-digit number on your computer, you can uncheck that option upon login.

How to Set Up the Gmail 2-Step Verification

1. Go to your URL address bar and type:

2. If you have not logged in yet, just enter your username and password to log in.

3. Locate and click on the link ‘Using 2-step verification’.

[Image: Gmail 2-Step Verification]

4. You will be asked again for your Gmail password; simply type it in as confirmation.

5. You will see the screen below. Although it says that you will need around 15 minutes for the setup, it took me less than 10 minutes to set everything up. Click on the ‘Start setup’ button to begin your Gmail 2-step verification setup.

[Image: Start Setup]

6. On the next screen, you will be asked to select your country and then key in your phone number. If you want to verify via SMS, be sure you don’t enter your landline number because it is going to be a big joke later. You will be required to test your phone as well; once the test is completed, the ‘Next’ button will be enabled and you can click on it to proceed.

[Image: Setup Confirmation]

7. In the next step, there is nothing to set up; you are shown a list of numbers instead. Those numbers act as a backup in case you lose your mobile phone or have it stolen. It is not advisable to keep these numbers on your PC. The list should be printed and kept as a hard copy. Do not keep it in your Gmail as a draft or send yourself the list as an email attachment. Seal it in an envelope or safety box and make sure you keep it physically safe. Tick the checkbox and click ‘Next’ to continue.

[Image: Setup Back]

8. On the next page, you will be required to set up your backup phone. You can use a fake number or any landline number because you do not need to verify this phone. However, it is advisable to put in a genuine number as this is going to be your backup as well. Please do not skip this step by simply putting in your friend’s mobile number. This is not secure at all! If you want to skip it, put in a number that cannot be reached at all or, best, your house number.

9. You can now test your Gmail 2-Step verification login. Simply log out of your current account if the setup does not automatically log you out at the end.

10. Log in now to your Gmail account.

11. Notice that you will not be redirected to your Gmail inbox now; instead, you will see something like the screen below.

[Image: Login with 2FA]

12. Wait for your six-digit code. It should be on your mobile phone in less than a minute. Notice that there is a checkbox for this computer to remember your six-digit code. There is a correction here though, because it is not the computer that remembers this number, but the browser. If you attempt to log in to your Gmail account with another browser, you will again be asked for the six-digit code. Key in the six-digit code and click on the ‘Verify’ button to log in.

13. BINGO! You have completed the Gmail 2-Step verification setup. If you accidentally checked the option to let your browser remember your six-digit code for 30 days, you can erase your browser’s memory by deleting the cache and cookies.
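
Steps 12 and 13 say the remembered state lives in the browser and disappears with its cookies. The following added example (not from the original post, and not Google's implementation) shows one way a server can implement such a remember-this-browser check with a signed cookie. The key, the cookie layout and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Hypothetical server-side secret, constructed for this example only.
SERVER_KEY = b"constructed-demo-key-not-a-real-secret"
REMEMBER_SECONDS = 30 * 24 * 3600  # the 30-day window mentioned in step 13


def _sign(payload):
    """HMAC-SHA256 tag over the cookie payload, as hex."""
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_trust_cookie(username, now=None):
    """Cookie value set after the six-digit code was verified successfully."""
    issued = now if now is not None else time.time()
    payload = f"{username}|{int(issued) + REMEMBER_SECONDS}"
    return f"{payload}|{_sign(payload)}"


def needs_second_factor(username, cookie, now=None):
    """True when this login must still ask for the six-digit code."""
    if not cookie:
        return True  # another browser, or cache and cookies were deleted
    parts = cookie.split("|")
    if len(parts) != 3:
        return True  # malformed value: fail closed
    user, expires, tag = parts
    expected = _sign(f"{user}|{expires}")
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return True  # edited or forged cookie
    if user != username:
        return True  # cookie was issued for a different account
    current = now if now is not None else time.time()
    return current >= int(expires)  # remember window has run out
```

The cookie only ever skips the second step; the username and password are still checked on every login.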

It is essential to use 2-step verification for your Gmail. If you are a regular Gmail user, I am sure you use Gmail frequently, perhaps as your primary email, so 2-step verification is a security feature not to be missed. Don’t forget that you should always create a strong password for your Gmail account.

About Alan Tay

This blog is owned and operated by myMediaInc. My Media operates content based online portals for IT professionals, technology managers and decision makers as well as business leaders. We publish original quality content focused in Software Development, IT Security, SaaS, Cloud Computing, Outsourcing, Project Management and Mobile and Wireless. Our mission is to explore how to help you optimize your resources in each of these areas.

Find us here IT Security Column.


  1. Faiz Ahamed says:

    Two factor authentication?? I never heard about this. Sounds interesting. I’ve never found such an article in any of the sites. It also shows proof by displaying the images of the two factor authentication. Gmail accounts gonna be more secure with this authentication … great blog!!

  2. Mike Stanley says:

    There are several issues to consider and test that make this more complex than it appears:

    1. where do you run gmail? 2 factor is relatively simple if you run gmail only on a browser on a pc and use any phone to get the authentication code. If you run gmail on an iphone it is more complex (but isn’t 2 factor there – you just have a special password for your iphone). If you run gmail on android it DOES work with 2 factor – the code is sent to the android phone and then you enter it into the gmail screen.
    2. this is just about authentication. you need to consider protecting the data in flight. serious criminals have access to the same equipment the phone company does (for $5000 bucks it is amazing what an employee with access to equipment might do …) and they can see all the traffic between your phone and the internet. they are a “man in the middle” and your secure sockets sessions are vulnerable. try adding anonymizer to your iphone or android phone – this sets up a vpn tunnel. anonymizer was purchased by a company where the key execs are ex cia people. this says the system is good! and good for you so long as You are a good guy!
    3. then roll the passwords to both gmail and anonymizer once a month.
    4. never, ever open attachments in gmail. ever. if people want to send you photos use facebook. if they want to send you documents use the google viewer to validate it.
    5. never, ever click a link in gmail. ever. copy the link and then cut/paste after you’ve inspected it.
    6. use a password safe to keep/update/encrypt complex string passwords – don’t use a birthdate and a name, whatever … use totally randomized numbers
    7. finally, use PGP to encrypt your hard disk drive, buy a fips encrypted hard drive (dell laptops and others support this) and integrate TPM from the bios level (trusted process module) with either PGP or the new free microsoft equivalent (I forgot the name). with PGP use both a passstring and a USB key. oh, yes, bitlocker. bitlocker is harder to install, etc. but works fine.

    Now you are ready for the world!
    You are at A+ level security – the only advantage most government agencies have is to remove the hard drive at night – I say just lock up your laptop! 😉

    security is a broad issue and you need to think it through carefully.

  3. Aansy Stone says:

    I was using Yahoo for a long time but the spam and security threats made me switch away from it. Gmail’s 2-step verification is a great feature to ensure the proper safety measurements for all the active and new users.
