Quick question: how many sites have access to your google account? None? Think again. Have you given your google username/password to Facebook to find your friends? Do you use a service like ebuddy/fring? Have you desisted from checking your mails at a public browsing centre because you are aren’t sure whether any key loggers have been installed? You can now let yourselves have peace of mind even if you use any of the above services.
Last month, Google introduced 2-step verification for its accounts. The concept is very similar to what many banks follows for high-secure transaction. Along with your password, you need to enter a verification code. The code may be send to your registered mobile number by SMS, or may be generated from the mobile itself (Android/iPhone/Blackberry only), essentially making your mobile phone behave like a security token device.
Google gives you the choice to authorize a specific computer (useful, in case of your personal systems) not to ask for the code for the next 30 days. All browser-based applications will no longer ask for your codes through this period.
For services like ebuddy, facebook, or even google’s own (non-browser based) chat and mobile clients, which have only username/password combinations and no way to input verification codes, you can generate individual application passwords. You can even have separate password for each application and have the application remember these, so that you don’t need to enter the values each time.
To start using the 2-step verification process, here’s what you’ve got to do: In gmail.com, goto Settings page.Choose Accounts and Import. Click Other Google Account settings. Click Using 2-step verification. You will then be guided across the remaining screens. This process will take approximately 15 minutes, but is surely worth it.