Tuesday, November 22, 2011

Google New 2-Step Verification

Why you should use 2-step verification

2-step verification adds an extra layer of security to your Google Account by requiring you to have access to your phone – as well as your username and password – when you sign in. In addition to your username and password, you'll enter a code that Google will send you via text or voice message upon signing in.
2-step verification drastically reduces the chances of having the personal information in your Google account stolen by someone else. Why? Because hackers would have to not only get your password and your username, they'd have to get a hold of your phone.

How you sign in with 2-step verification

Signing in with 2-step verification is easy.
  1. Go to the sign-in page and enter your username and password like you normally do.
  2. Then you’ll be asked for a six-digit code, which you'll get from your phone. If you want, when you enter your code, you can choose to remember your computer for 30 days -- this means you won’t be asked for a code again when you sign in from this computer for 30 days. If you sign in from another computer, however, you’ll be asked for a code.

  3. After you turn on 2-step verification, non-browser applications and devices that use your Google Account (such as the Gmail app on your phone or Outlook) will be unable to connect to your account. However, in a few steps, you can generate a special password called an application-specific password to allow this application to connect to your account -- and don't worry, you'll only have to do this once for each device or application.



Signing in using application-specific passwords

The codes that you’ll get with 2-step verification don’t work with all applications. There are a few applications that use information from your Google Account (like the Gmail application on your phone, or Outlook) that require another type of code. These are called application-specific passwords.
Some devices and applications that use these special passwords include:

How to generate an application-specific password

Unlike a verification code that you receive from your phone or through Google Authenticator, application-specific passwords are generated. You don’t have to memorize them, ever - you simply generate a new one each time you need to sign into a particular application. Follow the steps below to generate your application-specific password:
  1. Visit the Authorizing applications & sites page (pictured below) under your Google Account settings.
  2. Under the Application-specific passwords section, enter a descriptive name for the application (label 1) you want to authorize, such as "AdWords Editor – Desktop," then click "Generate application-specific password" (label 2).
[Image: application-specific password creation]
You'll then see the application-specific password you just created (3). You'll also see the name you wrote in for the device (4) and a link to Revoke (5) -- or cancel -- the code.
[Image: application-specific password example]
Once you click Done, you’ll never see that application-specific code again. But don't panic: You can generate a new one whenever you’re prompted for an application-specific password by a non-browser device or application -- even a device or application you’ve authorized before.

Using application-specific passwords

When prompted for a password when you sign in to a non-browser application or device that accesses your Google Account:
  1. Enter your username.
  2. Enter your application-specific password in the password field.
  3. If your application has an option to remember your application-specific password or stay signed in, you can select that option so you won’t have to generate and enter a new application-specific password each time you access your account from this application or device.

Turning off 2-step verification


Did your email client or applications stop working when you turned on 2-step verification? Don't fret -- you can get applications and devices that need access to your Google Account working again in minutes using application-specific passwords.


  1. Visit the Using 2-step verification page under your Google Account settings. Sign in with your username, password, and verification code if prompted.
  2. Click Turn off 2-step verification.
  3. A pop-up window will appear to confirm that you want to turn off 2-step verification. Click OK.

Revoking and destroying passwords and codes to protect your account

If you used application-specific passwords to authorize applications to access your Google Account, we recommend you go back to using passwords -- rather than application-specific passwords -- to access these applications. That way, you can revoke your application-specific passwords so nobody else can use them:
  1. Visit the Authorizing applications & sites page under your Google Account settings.
  2. Click Revoke for any application or device whose code you want to revoke.
  3. For each application whose application-specific password you revoked, you'll need to reauthorize the application by entering your username and password, as you did before you turned on 2-step verification. You might not be prompted for this information the next time you use the application, as some applications will take longer to recognize that an application-specific password has been revoked.
In addition, remember to destroy all backup codes that you had been using to verify this account.
