After spending too much time thinking about WordPress security this week, I stumbled across this post by Jeff Atwood about the importance of email security, and how to turn on Gmail’s two-step verification. When I read about online security, the content is often so over-the-top fear-based that I roll my eyes and click away. This time was different; maybe it was my own focus on writing about (somewhat scary) online security this week, but I logged into my Gmail account and turned on the two-step verification right away.
Amazingly, once it’s set up, the second verification is rather painless. There is no need to remember another password; you just need to be the kind of person who carries around a cell phone most of the time.
It works like this: After you log in to your Gmail account, Google asks for a verification code, which it then texts to your cell phone.
Once that’s entered, you can set the computer to ‘remember’ this code for 30 days, so most of the time you log in on your own machine, you don’t have to use it at all.
If you use Gmail with a desktop application or mobile device, you can also set them up to log into your account with the second layer of authentication. Google has a set of instructions to create and use application-specific passwords; basically, you generate a unique password for each application and device. This password is 16 characters long; thankfully, you just have to enter it once, and for most programs/devices, it goes where your Gmail password would normally be entered. To remove authentication for a device or application, you can revoke the application-specific password through your account.
Do you take any extra security measures with your email? Share them in the comments!