What Is Two Step Authentication?

This post was published 6 years ago. Some things may have changed since then.

There’s been a lot of media coverage around internet security recently in the light of the Heartbleed bug discovered in OpenSSL, and you might be wondering how you can protect yourself in the future.

The good news is that there is a lot you can do to ensure that your online accounts stay secure and one of those things is two-factor authentication. It sounds complicated but it’s actually quite a simple idea: as well as having to prove something you know – your password – you also have to prove something you have – usually your smartphone.


Between Blogger, Google+, YouTube, Gmail and their many other services, a blogger’s Google account is often at the heart of their online identity. Thankfully, Google have offered two-factor authentication since 2011 and it’s really easy to use. Whenever you log in, you’ll be prompted to enter a short code which is sent to you by SMS or in an app. This code only lasts for a short while and can only be used once, and proves to Google that it’s really you and not somebody else who has somehow got hold of your password. You can also optionally tell it not to prompt you for an authentication code for 30 days – perfect for computers you trust and use a lot.

Setting it up only takes about fifteen minutes. Simply sign in to your Google account as usual and then visit Google’s Two-Step landing page, where you’ll find a straightforward step-by-step guide. You’ll be asked for your mobile number and a backup number, and sent a text message to check that everything’s working properly. And that’s it – you’re up and running! While you’re in the two-step control panel you will also find links to install the Google Authenticator smartphone app, which is available for iPhone, Android and BlackBerry.

(Google Apps users may have to sign into their Apps control panel, and enable two-factor authentication under Security – Basic Settings before following the steps above.)

If you’re able to use the smartphone app, I would strongly recommend it – mostly because I find it a lot more convenient, but also because there is a tiny theoretical possibility that a text message could be intercepted. The apps, on the other hand, all calculate the codes on your phone itself so they can’t be intercepted in the same way.

We’ve looked at Google in the example above, but you may be surprised at how many web services offer two-factor authentication as an optional extra layer of security – often using Google’s authenticator app, so your phone won’t get cluttered up with apps. You can find a really comprehensive list at twofactorauth.org, but popular services offering this include Facebook, Twitter, Dropbox, Yahoo!, Evernote and even WordPress.
