As the series of massive Yahoo! data breaches demonstrate, having a strong password is not always sufficient. Cybercriminals can hack into companies’ databases and steal customers’ login information. If the password for your Google account is stolen, you could lose personal information, send unauthorized emails, and risk having other account passwords reset. For these reasons, Google encourages customers to set up two-step verification.

This security feature only needs to be enabled once to turn it on across the various Google services (e.g., Gmail, Google Drive). Once set up, you will be required to provide your username, your password, and a six-digit verification code in order to log in. Google sends you the code, which will be different each time you sign in. You can choose to receive the code via a text message, a phone call (mobile device or landline), or the Google Authenticator app for smartphones. You can even use a special security key to provide the code through your computer’s USB port.

To set up two-step verification for your Google account, follow these steps:

  1. Go to the 2-Step Verification web page and log in to your Google account.
  2. If prompted, enter your Google account password again and click “Sign in”.
  3. Click the “GET STARTED” button.
  4. If prompted, enter your Google account password a third time and click “Sign in”.
  5. Provide the phone number where you want the verification codes to be sent.
  6. Specify whether you want to receive the verification codes via text message or phone call.
  7. Click “NEXT”, and Google will send you a test verification code.
  8. When you receive the test code, type it in the “Enter the code” field and click “NEXT”. Assuming you received and entered the code correctly, you will get a message stating the test was successful.
  9. Click the “TURN ON” button to enable two-step verification for your Google account. You will receive a confirmation email in your Gmail account stating that you have successfully enabled it.

Once you have gone through this initial setup process, you can configure one or more alternative ways to receive codes. For example, you might provide a secondary phone number or install the Google Authenticator app. You are even able to generate and print backup verification codes that you can use if you are temporarily unable to get a verification code through your phone. Primary and secondary delivery mechanisms can be changed at any time.

If you are using your own device (and not a public computer) to sign in, you can tell Google to trust it by selecting the “Don’t ask again on this computer” option. That way, you do not have to enter a verification code each time you sign in from that device.