How to set up Gmail's 2-step verification with Mail on your iPhone, iPad, and Mac

How to set up Google's 2-step verification with Mail on your iPhone and iPad

After the news of Mat Honan's horrible experience of getting hacked, many of you are probably (and if not, should be!) taking extra precautions with your accounts, passwords, and general outlook on digital security. One of the big mistakes that Mat said he made was to not setting up Gmail's 2-step verification. Admittedly, this is a somewhat annoying security measure, but it's totally worth it.

iMore is here to help you every step of the way with setting it up!

What is Gmail's 2-step verification?

Gmail's 2-step verification is an optional level of security that not only requires your password, but also a passcode that gets sent to your phone via text or voice. Any computers you mark as "secure" will only require you to enter the code once every 30 days, but all other computers will require you to enter it every time.

Some apps and services do not yet support Gmail's 2-step verification. Three of those apps includes Apple's built-in Mail for iPhone, iPad, and Mac. The good news is that Gmail has provided an alternate method to increase your security -- requiring a separate, auto-generated password for each of those apps.

Like I said, initially setting up 2-step verification is a bit of a hassle, but the extra security it provides is priceless.

How to activate 2-step verification

  1. Login to your Gmail account and visit Gmail's 2-step verification settings page
  2. Click Start Setup.
  3. Enter in the phone number you wish to receive the verification code at and choose whether to receive it by text or voice call.
  4. Receive code and enter it.
  5. Decide whether to trust the computer you're using or not. Click Next.
  6. Read info about 2-step verification. Click Confirm.
  7. 2-step verification activation is complete! Gmail will log you out and return you to the login screen.

How to set-up passwords for iPhone, iPad, and Mac with Gmail's 2-step verification alternative

Now that Gmail 2-step authentication is up and running, you will probably immediately notice that all of your Mail clients, including your iPhone, iPad, and Mac, start giving you incorrect password errors. This is a good sign because it means your activation was a success! To access your Gmail from your iOS and Mac Mail clients, you must create separate passwords for each one.

  1. Login to Gmail.
  2. You will immediately be taken to screen informing you that 2-step verification has been activated and provide you with further options. The first one is to enter a backup phone number (very good idea) and the second to is get list of printable codes (I actually stored these as a secure note in Dropbox). The third one is the one we're most interested in right now; it's called "Application specific passwords". Click the Manage application specific passwords link in the lower righthand corner.
  3. At the bottom of the screen you should see a password generator. Give a name to the password you're generating. Be as specific as necessary. For example, if both you and you wife use iPhones, share a Gmail account, and will access the account from both iPhones, make sure you give each device a separate name like "Leanna's iPhone" and "Dave's iPhone.
  4. Click Generate Password.
  5. Immediately enter this passcode into your iPhone's Mail Settings via Settings > Mail, Contacts, Calendars > Accounts. Do not enter spaces.
  6. Repeat steps 4-5 for iPad, Mac, and any other devices you may want to access your Gmail account from.

There you have it! Now you're all set to use Gmail's 2-step verification security feature and still have access to your email from the Mail clients on your favorite devices.

Have something to say about this story? Leave a comment! Need help with something else? Ask in our forums!

Leanna Lofte

Former app and photography editor at iMore, Leanna has since moved on to other endeavors. Mother, wife, mathamagician, even though she no longer writes for iMore you can still follow her on Twitter @llofte.

More Posts



← Previously

Sprint drops the iPhone 4S price by $50 ahead of new iPhone announcement

Next up →

Contest Winners: Sexy Beach photo contest, $117 (not billion) dollars, Plume, and tons of accessories!

Reader comments

How to set up Gmail's 2-step verification with Mail on your iPhone, iPad, and Mac


The biggest mistake Honan made, and the key that unlocked this whole mess, was leaving his credit card data on Amazon. That should be the warning being pounded home. Without that information none of this would have happened. It is incredible that a computer journalist in 2012, who should know the most basic security risks, would be so stupid.

He could have avoided it also if he likely had not used the same credit card with both Apple and Amazon.

No, his biggest mistake was trusting Apple with data that had no backup but iCloud. That was the only thing he regreted losing. iCloud is not safe and should not be used to backup anything invaluable.

You are letting Apple off far too easily here. There are dozens of ways to get the last 4 digits of a credit card besides Amazon. Most commerce sites print them in clear text on invoices. Go check your recent iTunes purchases. Apple itself prints those digits in the clear. Ordered a song at Starbucks? If somebody sees the confirmation page over your shoulder, and knows your email address, that is enough to give them access through Apple's support channels.

For Apple to trust those 4 digits as proof of identity is inexcusable.

amazon's whole system works by storing credit cards into the wallet. what was he supposed to do, use his cc on amazon and then erase it? iiiiiiiiiiiiiiiiiiiiidiot

User beware: if you change your cell phone number, you'll create havoc. If you have to use this verification, Google will keep sending the codes to the old number and there is no way in hell to get back to Google to change your cell phone number. This happened to me and I gave up with Google's shit support, so I had to create another Gmail account. Just avoid this if possible.

Just one example why you definitely should set up a backup phone number as well as a save the printable codes (at least one of them) somewhere. If I had a safe, I'd print them and keep them in there. Even keeping them in your wallet would be fine. Especially if they aren't labeled as google codes since Google requires both a code and password.

The problem was that you couldn't even get to log back in, no matter what you had. There were no places to put the code to log back in. None. I had that as well and still got locked out. I emailed Google support, but they were about as useless as teeth on a chicken. I don't bother with that two factor authentication anymore. I just doubled my password complexity.

I think you can switch Safari or whatever browser you're using to private browsing mode to force Gmail to ask you to enter your two-step verification code. You can then enter one of your backup codes.

I'm assuming everyone reading this has also stopped the foolish practice of saving all of their priceless data on one mobile device?..

There are several lessons to be learned here. Far more prevalent than a hacker group singling me out is that people invariably save data either on a machine or in a location that's not backed up and not secure. So please stop and think for a moment- if your computer just had coffee spilled on it, what would you lose? Plug that gap and also stop drinking so close to your computer! :)

If you are a Google Apps user then first of all your administrator should allow 2-step verification from his control panel.

Otherwise you wouldn't be able to see 'enable 2-step verification' option in your Gmail settings.

Disposable credit cards...disposable credit cards...disposable credit cards. It doesn't matter if you like the few banks who use them (I use Bank of America)...they will save your tail. For every purpose you get a new credit card number with an amount and expiration date of "your choice" and you can delete them whenever you want (usually right after the purchase clears your account).

If you have trouble accessing the application specific passwords page, from a Windows PC running Google Chrome:
1. Log into Gmail
2. Click the Cog in the top right
3. Settings
4. Accounts and Import
5. Bottom Right - Manage Security
6. Bottom Paragraph - Connected applications and sites
7. Click Manage Access
8. You will find the page where you can configure passwords for Connected Apps as pictured in Step 3

Got a question about STEP 1. Login to Gmail.

Do I use the Gmail App to do this. Not sure how this well help. I want the ability to add the account as one of my profile settings.

I accomplished this description, and received new mails. But I did not manage to send any mail. They are in my iMac's outbox. How do I send them?

Can anyone tell me how to turn off the 2 step verification program? It is driving me crazy. It is a long story but at work I have you long on to my Gmail account and I use different computers at work & have to do the 2 step several times a day...grrr! Thanks for your help in advance.