Enabling 2-step verification is to add an extra layer of security to your Google Account for greater protection. However, if this is not set up properly, it may, under certain situations, keep the legitimate owner of the account away from accessing his or her own account.
After noticing multiple threads on this topic in both the Gmail and the Google Accounts help communities, where the users have lost access to their accounts over something trivial or through an oversight, I feel this is a good time to write a blog on how to set up the various 2-step verification options on a Google Account.
This article is also intended to help users who find setting up the different 2-step verification options difficult or complex.
For ease of understanding and navigation, we shall divide this post into the following sections:
- Setting up 2-step Verification.
- Generating the 8-digit offline backup codes.
- Setting up the Google Authenticator App.
- Setting up Google Prompts.
- Setting up your phone as a Security Key.
- Setting up NFC/BlueTooth physical Security Keys.
We begin by visiting the Google Accounts Security page, either by typing in the https://myaccount.google.com/security URL inside the browser's address bar or by clicking on the link from here (it opens in a new window). Another way would be by first clicking on the circular profile icon in the top-right of the screen, then clicking on the Manage your Google Account button and finally clicking on the Security tab in the left panel of the Google MyAccount home page and scrolling down to the Signing in to Google section.
With 2-step verification turned off, the screen will look as shown below.
Click on anywhere in the section highlighted by the red rectangle to get to the next screen. Some basic information related to 2-step verification will be shared with you.
Almost nothing we see during this process is unimportant, so it is best to read through the information before clicking on the blue Get Started button.
You will be asked to sign in, as is the norm before accessing sensitive account information or performing any action the system deems critical.
- It is best to not use a landline number in case you frequently travel and may want the codes to be delivered to your travelled location. (Yes, there are backup options, but it is best to have multiple options).
- Never enter a Google Voice or any other similar numbers, temporary numbers offered by websites or a disposable virtual number.
- Currently, the default way to receive the second verification code from Google is via Text messages.
- If this Google account is signed in to any eligible phone, the Google prompt for 2-step verification, about which we saw a fleeting mention on the starting screen with the Security key, will be added as an option.
- The device is misplaced, lost, damaged or stolen.
- The device can't access the internet for whatever reason.
- The device doesn't have a signal to receive a text message or a voice call.
- The device is factory reset.
- The device is a new or previously unused device for that Google account.
In other words, the basic recovery options are not backup options for your default 2-step verification option. Other 2-step verification options are backup options for your default 2-step verification option. So, it will be wrong to assume that when you are unable to verify using the default 2-step verification option, the system will use the basic recovery options to verify you. It will not.
- The Google Authenticator app doesn't come with any backup or restore features for the accounts added to it. So, to protect against that, it is important to ensure you have other backup options required to sign into them.
- The only way to export data from the Google Authenticator app is via the QR scan method explained here - https://support.google.com/accounts/answer/1066447?hl=en.
- The Google Authenticator app doesn't offer a web UI to sign into. However, there are other similar TOTP/HOTP apps that do offer a web UI to sign in from, providing you with another way to generate the second verification code.