Google is rolling out two-factor authentication, or what they are calling two-step verification, for their web apps like Gmail. Two-factor authentication is stronger than regular passwords because it combines something that you know, a password, with something that you have, in this case a randomly generated verification code. You will need to provide both pieces of information in order to successfully log in to Gmail or other Google web apps.
The stronger security is not turned on by default, you have to go into your Google account settings to enable the capability. You obtain the verification codes in one of several ways, either by using an Android app, by receiving a text message, or by a voice call. The verification codes only work one time, but you do have the option of only having to enter the code once very 30 days. Be aware, however, not requiring entering both a verification code and password every time defeats the stronger security that two-factor authentication provides.
After you set up the service, logins to Gmail will have the following two steps. First you will enter your user name and password, as you do today. Next, you will be prompted to enter the verification code, which you receive either with the Google Authenticator app, via text message, or voice call.
Using this stronger security does mean that you will have to change the passwords for all of your devices that you use to access Gmail. You create the passwords for each device, or application like Outlook, that you use on the Google Account settings page. Google generates a 16-character password that you enter in to the device or application. Fortunately, you only have to enter the password once as it does not expire, however, if you have to restore a phone you will need to generate a new password.
The two-step verification has not been enabled for my Google account, and I am on the fence about whether or not to use it. On the one hand, I like the idea of having stronger security, but on the other hand, I am not sure I like the hassle of having to obtain and enter a verification code. I will probably try it out and if I don’t like it, turn the capability off.