How to secure your account with 2-Step Verification

Modified on Wed, 28 Feb at 10:44 AM

Phone prompts, also known as “on-device prompts”, are a more secure form of 2-Step Verification than text or voice codes. Your phone becomes the primary authentication device. They’re also easier to use, because users don’t have to manually enter a code received on another device. By making prompts the primary method for more users, Google hopes to help users take advantage of the additional security without having to manually change settings, though they can still use other methods of 2-Step Verification if they prefer.

We recommend Google prompts instead of text message (SMS) verification codes to help you:

  • Avoid phone number-based account hacking. Hackers may try to steal verification codes to help them break into your account. Google prompts help to protect against this method of account hacking by delivering the sign-in request more securely, and only to devices where you are already signed in.

  • Get more info about sign-in attempts. To help you find suspicious activity, Google prompts give you info about the device, location, and time of the sign-in attempt.

  • Block suspicious activity with just one tap on your device. If you didn’t try to sign in to your account, tap ‘No’ on the notification to secure your account.

Step-By-Step Instructions On How To Enable 2-Step Verification

1.    Enabling Organization-Wide 2-Step Verification 

As a Google Workspace Admin, you can enable 2-Step Verification within your organization’s Google Workspace account. You can either allow users to choose whether to use the feature, or enforce it as a mandatory security feature for each user's account. Here’s how:

  1. Sign in to your domain’s Google Admin console at admin.google.com.

  2. Go to Security > 2-Step verification.

  3. You can allow users to turn on 2-Step Verification themselves, or you can enforce it for every user within your organization and choose the date on which enforcement takes effect.

Figure 1: Turning off enforced 2FA for the entire organization

  4. You can apply this setting to the whole organization or only to the users in a particular organizational unit. For example, you can enforce 2FA for users in the finance department or for your company executives.

Figure 2: Enforcing 2FA for the entire organization
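Before choosing an enforcement date for an organizational unit, it helps to know who in that unit has not enrolled yet. The following is an added example, not part of the original article: it assumes user records exported in the shape of the Admin SDK Directory API user resource (fields `primaryEmail`, `orgUnitPath`, `suspended`, `isEnrolledIn2Sv`), and the sample records and function names are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed records shaped like Admin SDK Directory API user resources.
# Addresses and organizational units are made up for this example.
SAMPLE_USERS = json.loads("""[
 {"primaryEmail": "amina@example.com", "orgUnitPath": "/Finance", "suspended": false, "isEnrolledIn2Sv": true},
 {"primaryEmail": "brian@example.com", "orgUnitPath": "/Finance", "suspended": false, "isEnrolledIn2Sv": false},
 {"primaryEmail": "carol@example.com", "orgUnitPath": "/Finance/Payroll", "suspended": false, "isEnrolledIn2Sv": false},
 {"primaryEmail": "dan@example.com", "orgUnitPath": "/Executives", "suspended": false, "isEnrolledIn2Sv": true},
 {"primaryEmail": "eve@example.com", "orgUnitPath": "/Executives", "suspended": true, "isEnrolledIn2Sv": false},
 {"primaryEmail": "faith@example.com", "orgUnitPath": "/FinanceOps", "suspended": false, "isEnrolledIn2Sv": false}
]""")


def in_org_unit(user, ou):
    """True if the user sits in `ou` or in any unit beneath it."""
    path = user.get("orgUnitPath", "/")
    ou = ou.rstrip("/")  # "/" becomes "", so the root matches every path
    return path == ou or path.startswith(ou + "/")


def active(users):
    """Suspended accounts cannot sign in, so leave them out of the count."""
    return [u for u in users if not u.get("suspended", False)]


def unenrolled(users, ou="/"):
    """Active users in `ou` (and below) who have not turned on 2SV."""
    return sorted(u["primaryEmail"] for u in active(users)
                  if in_org_unit(u, ou) and not u.get("isEnrolledIn2Sv", False))


def coverage_by_ou(users):
    """Map each organizational unit to (enrolled, total) for active users."""
    counts = defaultdict(lambda: [0, 0])
    for u in active(users):
        tally = counts[u.get("orgUnitPath", "/")]
        tally[0] += int(u.get("isEnrolledIn2Sv", False))
        tally[1] += 1
    return {ou: tuple(tally) for ou, tally in counts.items()}


if __name__ == "__main__":
    for ou, (done, total) in sorted(coverage_by_ou(SAMPLE_USERS).items()):
        print(f"{ou}: {done}/{total} enrolled")
    print("Chase before enforcing in /Finance:", unenrolled(SAMPLE_USERS, "/Finance"))
```

The path comparison is done on whole path segments, so a sibling unit such as `/FinanceOps` is not counted as part of `/Finance`.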

2.    Enrolling in 2-Step Verification On Each User Account

If the Google Workspace Admin hasn’t enforced 2SV on all accounts, tell all users to turn it ON by following these steps.

  1. Go to your Google Account.

  2. On the left navigation panel, click Security.

Figure 3: Google account security settings

  3. On the ‘Signing into Google’ panel, click 2-Step Verification.

Figure 4: Setting up 2FA

  4. Click Get started.

  5. Follow the steps on the screen.

  6. On your phone, you will receive an "Are you trying to sign in?" prompt. This prompt tells you when and where your password was entered, and then asks you to confirm or block the sign-in attempt by simply tapping your mobile device.

Figure 5: 2FA phone prompt

  7. Click “Yes, it’s me” to verify the device.

  8. On some occasions, you may receive a prompt containing a number as shown below.

Figure 6: 2FA number prompt

  9. Tap the number that matches the number given to verify the device.

Figure 7: 2FA number verification prompt

  10. You have successfully enabled 2-Step Verification. Note that this does not apply to a user who doesn’t have 2-Step Verification turned on: each user can choose to turn the feature on or off, but it will be ON by default for every organization.

Setting up backups

Backups help you get back into your account if you forget your password, lose your phone, or can’t sign in for any other reason. With backups, you’re less likely to get locked out of your account.

Figure 8: Account backup methods

There are four types of backups you can set up for your account:

  1. Backup codes. You can download a list of codes that you can use to recover your account. Note that these are one-time codes, so you should store them somewhere secure but easy to reach.

  2. Google prompt. These are prompts you receive on your default devices to verify a sign-in attempt into your account by a new device. These are the prompts mentioned above in the 2FA account setup instructions.

  3. Backup phone. You can add your mobile number as a recovery mechanism in case you lose your phone. By adding your phone number, you can choose either to receive the verification code via a text message or a phone call.

  4. Google Authenticator app. This is an application in which you can set up various accounts by scanning a QR code. You will receive a code that changes frequently for security purposes. The procedure for setting up the Authenticator app is given below.


Setting up the Authenticator App

In addition to using the Authenticator app as a backup, you can use it as a verification method for your Google account. To do this:

  1. Go to the Google Play store or iOS App store and install the Google Authenticator app.

  2. After installing, launch the app and click Get Started.

Figure 9: Setting up Google Authenticator app on mobile device

  3. You can scan a QR code or enter a setup key if you have one. Alternatively, you can click the ‘Import existing accounts?’ option at the bottom of the screen.

  4. To obtain the QR Code:

    1. Go to your Google Account.

    2. On the left navigation panel, click Security.

    3. On the ‘Signing into Google’ panel, click 2-Step Verification.

    4. Click Authenticator app.

Figure 10: Selecting Google Authenticator app

    5. On the Authenticator app panel, click Set up authenticator. A new dialog box will appear containing the QR code.

Figure 11: Setting up Google Authenticator app on web browser

  5. On your phone, click Scan QR code. Allow the access permissions and scan the QR code.

Figure 12: Selecting account setup method on Authenticator app

  6. The account will be added and a code will be provided. Note that this code changes frequently.

  7. On the authenticator panel containing the QR code, click Next.

  8. Enter the code shown in the Authenticator app and click Verify.

Figure 13: Entering the verification code

  9. The Authenticator app is now set up as a 2SV and backup method.

Figure 14: Account setup on Authenticator completed

Disable 2-Step Verification

If a user personally wants to disable 2SV using a prompt, they can do it on their own. (We strongly recommend against this.) A user can disable 2SV by following these steps:

  1. Go to your Google Account.

  2. On the left navigation panel, click Security.

  3. On the Signing into Google panel, click 2-Step Verification.

  4. Click on Turn Off 

Figure 15: Turning off 2FA

Access Emails on Apps that Don't Support 2FA, e.g. Microsoft Outlook

Programs like desktop email clients (think Microsoft Outlook, Mozilla Thunderbird, or Evolution) cannot send a two-factor challenge response.

The solution is an app-specific password: a special password tied to your account that's used only for a specific program, service, or situation.

Steps on How to Create an Application-Specific Password in Gmail and Use It in Outlook

To generate a new password for an email program, utility, or add-on to access your Gmail account through IMAP or POP with two-step authentication enforced:

  1. Click your name or photo near your Gmail inbox's top right corner

  2. Tap or click the Manage your Google Account button in the sheet that has appeared. 

Figure 16: Managing your Google account settings

  3. Click the Security button in the left-hand sidebar.

Figure 17: Google account security settings

  4. Scroll to the Signing into Google section.

  5. Under the Password & sign-in method section, click App passwords.

Figure 18: Managing app passwords stored in your Google account

If prompted for your Gmail password, type it in the Enter your password field and click Next.

  6. Make sure Mail or Other (custom name) is selected in the Select app drop-down menu. If you selected Mail, choose a computer or device from the Select device menu. If you selected Other (custom name), type the application or add-on and, optionally, the device (like "Mozilla Thunderbird on my Linux laptop") over the placeholder text "e.g. YouTube on my Xbox".

  7. Click Generate.

Figure 19: Generating app passwords

  8. Find the password under Your app password for Windows Computer (if that is the device you selected) and use it immediately. Type or paste the password immediately into the email program, Gmail add-on, or service, or into sticky notes or Notepad. You will not see it again.

Figure 20: Generated app passwords and instructions on how to use them

  9. Click Done.

  10. Enter this password in the Outlook prompt. That is it!

Figure 21: Using the generated app password

Contact Us

Verify at Google Cloud Partner Listing; https://cloud.withgoogle.com/partners.

Pawa IT Solutions Limited,

1st Floor, George Padmore Ridge,

George Padmore Road,

Nairobi, Kenya

Tel: +254 778 072 282, 

Mobile:+254 717 845 316

sales@pawait.co.ke || sales@pawait.africa

www.pawait.co.ke || www.pawait.africa.

