As everyone is utilizing technology to a greater degree every day, the need for additional security measures is constantly increasing. For several years now, Google has offered what it calls 2-Step Verification (2SV) (sometimes known as 2 factor authorization on other websites).
It works by requiring a user to enter two passwords:
The account password
A time-sensitive code sent to a secure device
These passwords increase security immensely, even if the user has a weak password. If someone attempts to break into the account, they not only need the password, but they also need a physical device that belongs to the user, such as their phone or tablet. Google offers to send time-sensitive codes by text message, phone call, or through an app available on Android and iOS called Google Authenticator.
Turning on Two Step Verification
Activating 2 Step Verification is really simple. If you are on a personal Gmail account, you can turn it on at any time. If you are on Google Apps for Work or Google Apps for Education, your administrator needs to enable 2SV for all users in the domain.
We always recommend that any user working with financial information or private customer information use 2SV. We also strongly urge every Google Apps Super Administrator to enable 2SV on their own account.
The 2-Step Verification solution for teams
Protecting your account from hackers is easy, but what if you want to protect an account shared by multiple people? Mail delegation and Groups offer many features, but sometimes it's necessary to have a full Google Apps account that is shared by a team of people.
This was a challenge faced by Cloudbakers. How could we make an important account, shared by multiple users, more secure? Google’s instructions for enrolling an account say to scan the QR code from all your devices before proceeding. We realized that if our team ever changed, the new users would need access to this account as well, which would require us to re-enroll all of our phones again at the same time.
We discovered that you can save the image or take a screenshot of the QR code provided to enroll your device before closing the screen. Even though you are prompted to choose between Android or iOS for your mobile device, the QR code gives valid authentication tokens once scanned. Any time we add a new team member, they can scan the QR code to get the correct time-sensitive token. If we remove a team member, we just change the password of the account. Now, as you can see in the picture below, we have multiple people with the access code on their phones, even though they were added at different times.
Originally published on April 27, 2015
Protecting your account can be easy, but not always obvious. Cloudbakers strives to empower all of our clients to take charge of their company’s online security and privacy. By utilizing the tools provided by Google, anybody can help keep hackers at bay.