2-Step Verification
With 2-Step Verification, you’ll protect your account with both your password and something only you have (phone, security key, code).
- What 2-Step Verification is
- Why is this important?
- How it protects you
- What is SIL's official recommendation?
- SIL Google Admin's "official" reference guide
- How to enable it
- How it works
- What about when you don't have your phone?
- Common issues with 2-Step Verification
- Helpful videos:
- "The Complete Guide to 2-Step Verification" (video, 2:25)
- "The 2-Step Verification 2 Step" (video, 13:03)
What 2-Step Verification is
It's easier than you think for someone to steal your password. Any of these common actions could put you at risk of having your password stolen:
- Using the same password on more than one site
- Downloading software from the Internet
- Clicking on links in email messages
2-Step Verification can help keep bad guys out, even if they have your password. The hacker now needs not only your password but also something that only you have (your phone or Security Key).
Why is this important?
Imagine losing access to your account and everything in it. When a bad guy steals your password, they could lock you out of your account, and then do some of the following:
- Go through – or even delete – all of your emails, contacts, photos, etc.
- Pretend to be you and send unwanted or harmful emails to your contacts
- Use your account to reset the passwords for your other accounts (banking, shopping, etc.)
Just as important as protecting that one account, 2-Step Verification also keeps the organization from being harmed when a hacker tries to leverage the access they now have to compromise other accounts.
How it protects you
2-Step Verification adds stronger security for your Google account because, to access the account, you need 3 pieces of information: the account name (something you, and a hacker, know), the password (also something you, and a hacker, know), plus something only you, the owner, have. This will be a 6-digit verification code provided by an app running on your phone, a text message sent to your phone, a code delivered during a phone call, or a one-time, throwaway code you are carrying on your person.
To read Google's information about this, go to their 2-Step Verification page.
What is SIL's official recommendation?
We strongly recommend every user implement 2-Step Verification. Other than in the case below, you can enable 2-Step Verification now and choose to disable it later.
Exception: Some SIL departments have already decided that all their users will be required to use 2-Step Verification. In those mandated cases, SIL Google Admin will help implement and then prevent removal of this capability.
SIL Google Admin's "official" reference guide
We have compiled a Google Doc that covers much that you need to know and do for 2-Step Verification. In addition, we have compiled a "Quick Steps" guide to offer steps for the two most likely scenarios.
Below are separate, common questions that may arise about aspects of this document.
What about when you don't have your phone?
- You can print a list of ten backup codes, each one good for use one time. When that list has been used up, print a new list of ten backup codes.
- Add a backup phone number so that Google can contact you another way.
- During sign-in, you can choose to not use 2-Step Verification on that computer. (We don't recommend this, however.) Google will still ask for codes on other computers.
Common issues with 2-Step Verification
The most likely problem you will have is that your email client begins prompting for your password when you first enable 2-Step Verification, even though you haven't actually changed the account password. Access from your email client will now require an "app-specific password". Read Google's discussion on how to get and use this special password. (Note: you would still use the original account password when logging into the web mail system.)