Gmail's 2-Step Verification: Some FAQs

Since beating the drum two days ago on the importance of protecting your Gmail account with Google's free "2-step verification" system, I've received a torrent of messages with "how do I do this?" or "what about that?" or "can this be worth the hassle?" themes.

As for whether it's worth the hassle -- well, decide for yourself. But decide after you've looked again at Mat Honan's account of the hassle when his entire online life was zeroed-out in a matter of minutes, or at my story of what our household went through when the same thing happened to my wife last year.

As for the "how" questions, I started answering a few piecemeal before deciding that was crazy. I'll answer some of the main FAQs here and then point you to the most useful online guides. Let's get started:

Q. Does the process really need to be this complicated?
A. No. Google has simplified a lot -- think of its search page, its surprisingly effective voice search, Google Earth, etc. It needs to apply a little UI brainwork to making 2-step verification less forbidding than it seems now. See this unforgiving analysis in PandoDaily.

Q. Do I need to be a tech whiz to put it in place?
A. Not really. But if the instructions below seem off-putting, get help from a friend. It should only take ten or fifteen minutes to get your entire set-up configured -- all laptops, all desktops, your smartphones and iPads and mail programs -- if you get the hang of it.

Q. What's the point of the whole "2-step approach"?
A. The main point is, 2-step makes it very, very hard for anyone to take over your email account  remotely -- from China, let's say, or West Africa or Russia or even across the street.

Without the 2-step system, hackers could get into your account if they figured out your password (as happened to my wife). With 2-step, they would need the password -- and also physical control of your smart phone, your purse or wallet, or your actual computer. With the smart phone, they could get the authorization code needed for your account. With your purse or wallet, they could get one of the backup authorization numbers that you can print out and carry around. With your computer, they could get into your account if you'd arranged the settings to require an extra code only once per 30 days.

Here's why this matters. In most cases you would have no way of knowing whether someone in China / West Africa / Russia / Las Vegas had cracked your password and was ransacking your account. My wife had the eerie sensation of finding her Gmail account very sluggish but not knowing why: in fact, the hacker was going through her account at just that moment. But if someone had taken your phone, your wallet, or your computer, you'd probably know. And you might be able to do something to change the password or protect yourself before much damage happened.

Q. Do I have to own a smartphone at all, or even a cell phone, to use this system?
A. No. You can get authorization codes -- which for your own computer you'd need only once per 30 days -- via any normal phone line. If, Unabomber-like, you have no phone at all, you can print out a list of codes to carry around and use.

Q. What if I forget to carry my phone with me. Am I screwed?
A. No. You can, again, print out a list of good-for-one-use codes and carry them in your wallet or purse. If you're ever in a situation where (a) you need to use someone else's computer, or a "public" computer, to get into your Gmail, and (b) you have forgotten to bring your phone with you, you can (c) just use one of these codes. You can generate new ones if you run out.

Presented by

James Fallows is a national correspondent for The Atlantic and has written for the magazine since the late 1970s. He has reported extensively from outside the United States and once worked as President Carter's chief speechwriter. His latest book is China Airborne. More

James Fallows is based in Washington as a national correspondent for The Atlantic. He has worked for the magazine for nearly 30 years and in that time has also lived in Seattle, Berkeley, Austin, Tokyo, Kuala Lumpur, Shanghai, and Beijing. He was raised in Redlands, California, received his undergraduate degree in American history and literature from Harvard, and received a graduate degree in economics from Oxford as a Rhodes scholar. In addition to working for The Atlantic, he has spent two years as chief White House speechwriter for Jimmy Carter, two years as the editor of US News & World Report, and six months as a program designer at Microsoft. He is an instrument-rated private pilot. He is also now the chair in U.S. media at the U.S. Studies Centre at the University of Sydney, in Australia.

Fallows has been a finalist for the National Magazine Award five times and has won once; he has also won the American Book Award for nonfiction and a N.Y. Emmy award for the documentary series Doing Business in China. He was the founding chairman of the New America Foundation. His recent books Blind Into Baghdad (2006) and Postcards From Tomorrow Square (2009) are based on his writings for The Atlantic. His latest book is China Airborne. He is married to Deborah Fallows, author of the recent book Dreaming in Chinese. They have two married sons.

Fallows welcomes and frequently quotes from reader mail sent via the "Email" button below. Unless you specify otherwise, we consider any incoming mail available for possible quotation -- but not with the sender's real name unless you explicitly state that it may be used. If you are wondering why Fallows does not use a "Comments" field below his posts, please see previous explanations here and here.

How to Cook Spaghetti Squash (and Why)

Cooking for yourself is one of the surest ways to eat well. Bestselling author Mark Bittman teaches James Hamblin the recipe that everyone is Googling.


How to Cook Spaghetti Squash (and Why)

Cooking for yourself is one of the surest ways to eat well.


Before Tinder, a Tree

Looking for your soulmate? Write a letter to the "Bridegroom's Oak" in Germany.


The Health Benefits of Going Outside

People spend too much time indoors. One solution: ecotherapy.


Where High Tech Meets the 1950s

Why did Green Bank, West Virginia, ban wireless signals? For science.


Yes, Quidditch Is Real

How J.K. Rowling's magical sport spread from Hogwarts to college campuses


Would You Live in a Treehouse?

A treehouse can be an ideal office space, vacation rental, and way of reconnecting with your youth.

More in Technology

From This Author

Just In