Did anyone of you notice the “Using 2-step verification“ option under personal settings of your Google account page ?

You might already be using it if you are a Google Apps user but if you are wondering what it is, read on and you’ll get to know everything about it!

What is 2SV for Google/gmail account :

Google has launched a new and advanced security system that should help users protect their Google account against few hacking techniques such as Hacking by key-loggers, Phishing scams, password stealing etc! Few of you must have experienced how painful it is to get hacked by someone and it turns to be worst if the hacker starts using your hacked account for other scams such as sending unwanted and vulgar mail to your friends/family. Also, once lost, it becomes too hard to get the account back! Here is a new feature which will enable you protect your account from being stolen.

Google 2SV system asks for a second layer verification code, besides your user name and password, that must be entered to log in to your Google a/c. Once enabled, it checks the browser cookies for authentication and if it’s a new browser/system, it asks for second level verification code that could be a

1) verification code sent to your primary/secondary mobile.

2) verification code given to you by a voice call from Google automated system.

3) back up code generated and stored by you.

How does 2 Step Verification (2SV) work :

Once enabled, it asks for the verification code as soon as you try to sign in to your Google account using your email id and password. You’ll receive the verification code on your mobile phone that you entered at the time of setting up 2SV for your Google account. Once you will enter the verification code correctly, you’ll be signed in to your account. If you are using your personal computer, you can check ( select ) “Remember verification for this computer for 30 days. ” option before clicking on “verify”. If you select this option, your cookies will be set in such a way that you’ll not be asked to enter 2nd layer verification code on next logins for next 30 days.

However, when 30 days expires or you clear browser’s cookie, you’ll need to verify again! Please note the point that 2SV works based on Browser cookies and not specific computer ( or it’s IP address ). It checks and identifies cookies and deleting cookies or changing your browser ( even if on the same computer system ) will result in asking the verification code!

How to enable 2 Step Verification for my Google a/c :

To enable 2 Step Verification, visit your “account page” and click on “Using 2-step verification” or directly click here.  You’ll get a user friendly page where you’ll be asked to enter and verify 2 mobile numbers ( one primary that will be used mainly for sending verification code via sms/automated calls and one secondary number that will be used in case you can’t get verification code on your primary number or primary number is lost/stolen ). After successfully verifying two mobile numbers,  ten 8 digit backup codes ,which are one-time-use codes, will be generated which can be used as verification codes in case of emergency, e.g., you’ve lost access to both the phones or both the phones aren’t working! It is advised that you take a print out of back up codes and keep them at safe and easy-to-access place so that you don’t get into frustration by not being able to access your google account, if you ever lose access to both your mobile phones or in other emergency cases! Check this link for detailed steps.

Once enabled, you will be asked for a verification code sent to your mobile on next log in. You can use “Remember verification for this computer for 30 days.” if you are using a personal computer so that you don’t need to enter the verification code for next 30 days. It is strongly recommended that you don’t not select this option on public computer.

What advantage does 2 Step Verification ( 2SV ) have :

Once you enable 2 step verification, your Google account becomes very much safe and secure against most of the hacking scams that can be used to take over your account. No one will be able to access your account unless

1) He knows your email id and password both.

2) He uses the same computer and same browser for which you’ve selected “Remember verification for this computer for 30 days” or he has back up codes or he has access to your mobile phone.

If any of the above two conditions are not satisfied, one can never take over your account

Advantage of 2sv for Orkut Users :

1. All community owners are recommended to enable 2SV on their owner profile and then they don’t need to look at everyone else with suspicious eyes. Is that someone who might try to hack my communities ? Should I add this unknown person to my owner profile, he looks suspicious – Get rid of all these questions and sleep well!

2. If most of the Orkut users start using 2SV for their Google account, not only phishing, key logging and other hacking will be stopped but also flooding using fakes, mass voting, mass scrap will be burried because all of them use hacked ( generally phished Orkut accounts ) profiles and none of them will work for those Orkut profiles which have 2SV enabled!

Problem in receiving verification code via sms/automated call for 2Step Verification  enabled Google account :

1. If you are having trouble in receiving verification code on your primary number, try clicking “Get a verification code with a voice call ” on verification page! You’ll get an automated voice call which will give you verification code to be entered.

2. If that doesn’t work either, try clicking on “Other ways to get a verification code »” on the same verification page and either use one of your back up codes that you stored earlier or your secondary mobile number for sending verification code via sms.

What is application-specific password for 2 step verification enabled Google account :

If you’ve a 2SV enabled Google account, your password will only work in browser based login and not on any non-browser based application. If you’ll try to enter your email id/login id and password in your non-browser based application such as Google Talk, Picasa Desktop Application, Android on Nexus S, you are more likely to get an error message something similar to “incorrect id and/or password” or “connection error”.

How to log in to non-browser based application for 2SV enabled Google accounts :

Your regular account password won’t work for non-browser based applications and you’ll need to generate application specific password which is a 16 digit code generated on 2SV setting page. Just enter a name (e.g. Gtalk client ) to identify the non-browser based application for which you are generating a 16 digit password on this page and click on “Generate password”. A 16 digit code will be generated which will be displayed only once. You can use that password for that application and use “remember me” option so that you don’t need to enter the same 16 digit code each time for log in. You can revoke access ( or reject that password ) any time by clicking on “revoke access link” on same page where you generate and find application specific password. Once you revoke access, that password will no longer be valid to access your Google account. For details about application specific password, refer this.

How to turn off 2 step verification for my Google account :

If you no longer wish to use 2SV you can safely turn it off for your account by visiting this link.

However, it is quite easy and takes only 15 minutes to set up 2SV so I’ll never recommend you NOT to turn it off. This option can  save you from lots of frustration and troubles that you might get into if your account gets hacked, right ? So, why not to be a techie and stand in the row of advanced feature users to be safe!

If you’ve any query feel free to post a comment and I’ll be happy to help you out. I’m an expert of 2SV, don’t ask how – It’s secret!