Your Google account holds a lot of your personal data: photos, emails, files, and maybe even passwords. To safeguard all that data, you must enable two-factor authentication (2FA), which Google calls 2-Step Verification, on your Google account. Once it is enabled, signing in also requires your phone or security key. So even if someone knows your password, they cannot access your account as they do not have physical access to your phone or security key. It’s like having a physical key to lock your account. Here’s how to enable two-factor authentication on your Google account. Note that Gmail is part of Google and so enabling 2FA for Google will also enable it for Gmail.
What’s Two-Factor Authentication
To enable two-factor authentication, you need to connect your phone or a USB security key like a YubiKey to your account. Once done, along with your email address and password, you also need to have the authentication device that you have connected to your Google account. Two-factor authentication is nothing but a process of proving that you have the phone or security key on you. As you also have the physical device with you, Google will believe that you are the owner of the account.
There are multiple ways to authenticate. Every authentication method is designed to make sure that you have the phone or the security key with you.
1. Prompt authentication will send a prompt on your phone asking “Are you trying to log in?”. You need to tap Yes on your phone to authenticate.
2. You can also authenticate with 2FA authentication apps like Authy or Google Authenticator. To log in, you just need to enter the code shown in the authenticator app. That code changes every 30 seconds, so no one, including you, can know the current code without having the phone in hand at that moment.
3. SMS Authentication will send a one-time passcode as a message to your phone number. You can use that code to log in.
4. For security key authentication, you need to plug in the USB security key to the device that you are trying to log in to.
5. Finally, there are backup codes that you can save somewhere. If the authentication device isn’t with you, then you can use these backup codes to access your account.
Enable Two-Factor Authentication on Google From Browser
When you enable two-factor authentication on Google, Google prompt verification is enabled by default on the devices logged in with your Google account. Instead of checking and entering the code manually, you just have to tap Yes on your phone to gain access. However, we will also show how to set up an authenticator app and security code verification methods.
1. First, open myaccount.google.com in your browser. Log in to your Google account if you are not logged in already. If you have logged in with multiple Google accounts, click on the profile icon at the top right corner, then select the account for which you want to enable two-factor authentication.
2. On the Google account page, click on the Security option in the left sidebar. Now scroll down to the Signing in to Google section and click on the 2-Step Verification option.
3. On the next page, enter your Google account password for verification.
4. Now click on Get Started to start linking your phone or your security key to your Google account.
5. Google will list all the phones on which you have signed in with your Google account. All these devices will get a prompt when you log in to your Google account on a new device. Just click on Continue to proceed further.
6. Then Google asks to verify your phone number as a backup option. Enter your phone number and click on Send. Google will send a verification code to that phone number. On the next page, enter that code and click on Continue.
7. In case you don’t want to provide your phone number, click on the Use Another Backup Option link. Google will show eight 8-digit backup codes. You can use these codes to log in to your Google account in case you don’t have access to your devices. Each code can be used only once. If you run out of them, come back here and create more.
8. Finally, on the next page, click on the Turn on button to enable 2-factor authentication for your Google account.
Now Google sets the prompt option as the default verification method and the phone number verification or backup codes option as the default backup option. Whenever you want to log in to your Google account, all you have to do is tap on the Yes option when prompted on your phone. But you can add additional verification methods like an authenticator app or security key.
9. To set up the authenticator app, scroll down and select the Authenticator app option.
10. Click on the Set up authenticator button.
11. It shows a QR code in a pop-up window. Now scan the QR code from your chosen authenticator app and click on Next.
12. Enter the code shown in your authenticator app in the popup and click on Verify. This will set up the two-factor authentication with the authenticator app.
13. To set up a security key, on the 2-Step Verification page, click on the Security Key option.
14. Then on the next page, click on the Add security key button.
15. In the popup, select the Physical option and then click on Next.
16. Now connect your security key, and your PC, Mac, Linux machine or Chromebook will automatically detect it. Then click on Done to set up the security key authentication.
Enable 2FA on Google Account on Mobile
The process is similar. Open the Chrome browser on your phone and access the Google account to set up two-factor authentication.
1. Alternatively, you can also open the Google app, tap on the profile icon and select the account for which you want to enable 2FA.
2. Now, tap on the Manage your Google Account option.
3. Here select the Security tab, then scroll down and select the 2-Step Verification option.
4. It opens a webpage and you can follow the steps above.
1. Which is the best 2FA method?
Even though two-factor authentication is secure, not all methods are created equal. Your phone number can be easily hacked or your SIM card spoofed, so SMS authentication is the least secure. Also, the Google Prompts method displays a notification on all the phones you have used to log in to your Google account. You don’t have control over where you get your authentication prompts. Authenticator apps and security keys are the most secure methods as they are completely hardware-based and so harder to grab hold of remotely.
2. How to turn off two-factor authentication?
Open your Google Account Settings > Security > 2-Step Verification and then click on the Turn off button to completely turn off authentication.
Authenticating Google Account
2FA will make your Google account more secure. But in case you lose your phone or security key, you will also lose access to your own account. It’s always recommended to store your backup codes (preferably offline or encrypted) for situations like these. For more info, check out how to log in to a Google Account without a verification code.