2-step verification: stay safe around the world in 40 languages

Thursday, July 28, 2011 9:08 AM



(Cross-posted from the Official Google Blog)

Earlier this year, we introduced a security feature called 2-step verification that helps protect your Google Account from threats like password compromise and identity theft. By entering a one-time verification code from your phone after you type your password, you can make it much tougher for an unauthorized person to gain access to your account.

People have told us how much they like the feature, which is why we're thrilled to offer 2-step verification in 40 languages and in more than 150 countries. There’s never been a better time to set it up: Examples in the news of password theft and data breaches constantly remind us to stay on our toes and take advantage of tools to properly secure our valuable online information. Email, social networking and other online accounts still get compromised today, but 2-step verification cuts those risks significantly.

We recommend investing some time in keeping your information safe by watching our 2-step verification video to learn how to quickly increase your Google Account’s resistance to common problems like reused passwords and malware and phishing scams. Wherever you are in the world, sign up for 2-step verification and help keep yourself one step ahead of the bad guys.

To learn more about online safety tips and resources, visit our ongoing security blog series, and review a couple of simple tips and tricks for online security. Also, watch our video about five easy ways to help you stay safe and secure as you browse.

Update on 12/1/11: We recently made 2-step verification available for users in even more places, including Iran, Japan, Liberia, Myanmar (Burma), Sudan and Syria. This enhanced security feature for Google Accounts is now available in more than 175 countries.

10 comments:

K said...

Thank you for making this available worldwide, Google! ♥

Joshbw said...

Any chance an app for Windows Phone is on the way?

Steve said...

2-factor authentication is great, but I already have a YubiKey on my keychain. I think it would be great if Google supported YubiKey. Thanks!

Dug said...

We've made our web service and free mobile apps available at Duo Security to enable every website to do as Google's done.

We only have users in 42 countries, but we're catching up! :-)

Thanks, Google, for protecting your users. We hope more companies follow your lead!

Bharat Sharma said...

I follow a couple of Google Blogs, which are very useful in keeping updated.

It pains me that all Blogs do not have a consistency in terms of being able to subscribe by email.

Some do allow email subscription, most do not.

What a pity since email allows me to choose only the blogs I REALLY read as opposed to "READ when FREE" type blogs on my Google Reader.

So, please enable email subscription for all Google Blogs.

Alex said...

The "Remember location for 30 Days" tick box just uses a cookie, which for me is redundant as I clear cookies on exit (Chrome, Firefox, etc.). This means I have to always enter a verification code, which to be honest doesn't bother me too much but possibly could be better without impacting the effectiveness of the security.

Using Ubuntu One as an example, machines are authenticated against an account. The list of authorised machines can be shown and any authorised machine can be de-authorised (from anywhere).

Could something similar be incorporated into two-step? Still the same process, but instead of identifying a machine by a browser cookie (i.e. client-side), the machine itself is identified and the list of authorised machines be maintained server-side.

The Google Dashboard could be updated to allow users to manage their authorised machines.

Maybe a manual process is required to add a machine to the list of authorised machines. Remove the tickbox for "Remember..." so that you can never really accidentally add a "public" machine to that list.

Either way, I am using 2-step and think it's a good idea. Thank you for the feature.
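A sketch of the server-side list of authorised machines proposed in the comment above, as an added example that is not part of the original post or comments and not Google's code. The class and method names are hypothetical, and it assumes each machine presents a random token issued when it was authorised; how the machine stores that token is out of scope.

```python
import hashlib
import secrets
import time

REMEMBER_SECONDS = 30 * 24 * 3600  # the "30 days" from the tick box


class TrustedDeviceRegistry:
    """Hypothetical server-side record of machines allowed to skip the second step."""

    def __init__(self):
        # account -> {device_id: {"label", "token_hash", "expires"}}
        self._devices = {}

    def authorise(self, account, label, now=None):
        """Register a machine and return (device_id, token); only the token's hash is kept."""
        now = time.time() if now is None else now
        device_id = secrets.token_hex(8)
        token = secrets.token_urlsafe(32)
        self._devices.setdefault(account, {})[device_id] = {
            "label": label,
            "token_hash": hashlib.sha256(token.encode()).hexdigest(),
            "expires": now + REMEMBER_SECONDS,
        }
        return device_id, token

    def is_trusted(self, account, device_id, token, now=None):
        """True only for a listed, unexpired machine presenting the matching token."""
        now = time.time() if now is None else now
        entry = self._devices.get(account, {}).get(device_id)
        if entry is None or now >= entry["expires"]:
            return False
        presented = hashlib.sha256(token.encode()).hexdigest()
        return secrets.compare_digest(presented, entry["token_hash"])

    def list_devices(self, account):
        """What a dashboard page would show: (device_id, label) pairs."""
        return sorted((d, e["label"]) for d, e in self._devices.get(account, {}).items())

    def revoke(self, account, device_id):
        """De-authorise a machine from anywhere; returns False if it was not listed."""
        return self._devices.get(account, {}).pop(device_id, None) is not None


if __name__ == "__main__":
    reg = TrustedDeviceRegistry()
    dev, tok = reg.authorise("user@example.com", "home laptop")  # constructed sample data
    print(reg.list_devices("user@example.com"), reg.is_trusted("user@example.com", dev, tok))
    reg.revoke("user@example.com", dev)
    print(reg.is_trusted("user@example.com", dev, tok))
```

Because trust is decided by the server's record rather than by the mere presence of a cookie, revoking an entry takes effect even if the token is still stored on the machine.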

MD Security said...

Are sites like spy.scorpio.com really cracking accounts and getting passwords or is there an insider helping these Crackers out?

Katan said...

The one thing I don't like about this feature is the "Thank you for using..." part which comes up initially. Just give us the code up front (repeat twice).. then say the "Thank you..." message.

1. It's a waste of everyone's time to listen to this message up front.
2. I think you are wasting energy unnecessarily forcing people for a few seconds to listen to it... I am sure it will save a few barrels of oil if you remove that message up front.

David B said...

Have you got the latest stats on how many gmail.com accounts are compromised per day? This would be a more compelling argument for enabling 2-step verification.

mb said...

Hi,
I generally find 2-step authentication a great feature, but the way it is implemented doesn't work for me for a number of reasons, the main one being that I frequently travel where I do not have mobile access, and one-time codes are a security risk.

Now I am less concerned in my account being accessed for read / write, but totally hijacked, i.e. password changed.

Wouldn't it have been better for special cases as myself and the general population, if standard account access was via simple password, BUT if changing account access, i.e. password, THEN some form of 2-step authentication would be required?

I think this would have been a good half-way house, and more likely with a higher adoption rate...

Just thinking
marcel