Not sure if two-factor authentication is important? Reports of millions of Google accounts being compromised should convince you. Do it. Do it now.

When it comes to data you want secured, your email accounts are probably close to the top of the list. Though email is technically an unencrypted medium, the average hacker might not go to too much trouble to grab a single message — but they'd love a peek at your history full of password resets, not to mention getting potential access to your bank accounts or other private information.

Strong passwords can help, but to be as secure as possible, you want to enable two-step authentication.

What is two-step authentication?

Two-step authentication is the most prevalent way to secure your accounts: It asks you to authenticate that you are who you say you are by supplying not only your password, but a unique code supplied from your phone or an external app. It ensures that those accessing your accounts have access to your physical devices as well as your virtual passwords, and makes a simple password crack or social engineering hack a lot more insufficient in actually accessing your personal data.

How to set up your Google account with two-step authentication

Google was one of the first companies to offer two-step authentication for its user accounts; the company even created an option for third parties who want to offer two-step support for their services called Google Authenticator. Companies like Facebook, Tumblr, and Dropbox all use Google's service, as does Google itself.

As such, Google's experience with two-step authentication makes it a remarkably simple process to set up. Here's what you need to do.

  1. Visit Google's 2-Step Verification page and click on Get Started.
  2. Enter your Google email and password (or just your password, if you're already logged in to Google).
  3. Click the Start setup button.
  4. Add a phone number that Google can send the six-digit verification code to. (For semi-obvious reasons, this shouldn't be your Google Voice number: If you use that phone number, you might end up locked out of your account.)


  5. Verify your phone number by entering in the six-digit code Google sent you.


  6. Choose whether or not to add your current computer as a trusted device.


  7. Confirm that you wish to turn on two-step verification.


And you're set! Google will now send your phone a six-digit code for any app that uses Google's web interface to authenticate your account.

How to use Google Authenticator

If you don't want codes sent via text message, you can also enable Google Authenticator; this allows you to receive a randomly-generated code from programs like Authy or 1Password or Google's own authenticator.

You can use Google Authenticator for a slew of different services in addition to your Google Account; you just need to make sure they have code generation turned on. Each service has a slightly different way of enabling this, but in general, you should find it under the Security section of your preferences.

Here's the setup screen for your Google accounts:

When you click to enable code generation, you'll be presented with a barcode; scan this with Authy, 1Password, or Google Authenticator to add the account.

Once you've added your account, use the code generated by your app of choice to activate two-step code generation back on the original service.

Any questions?

Do you have any questions about how to add 2-step verification to your Google accounts? Put them in the comments and we'll help you out.

This post may contain affiliate links. See our disclosure policy for more details.