Enable 2FA in Google Workspace
What is Two Factor Authentication (2FA)?
Two Factor Authentication is the process of adding additional security, often in the form of a physical device or unique key, when logging into your accounts. Google and Gsuite accounts make 2FA available through their own application called Google Authenticator, but it can also be achieved through third-party apps like Authy or 1Password, among others.
2FA for Google Gmail Accounts
Turning on two-factor authentication for your google account should take two minutes or less to complete.
While logged into your google account view your profile icon at top right. Click your icon and choose “Manage your google account” button in the dropdown.
Select “Security” in the navigation bar. Note: Google often changes where this choice is found. Sometimes it’s above the icon, sometimes to the left in a menu.
Visit the section for signing into google, which will look like this:
Click on the heading for 2-Step Verification. You’ll be asked to sign into your account again. Provide your password and continue. You’ll be presented with a quick overview of the process. Click “Get Started” to begin.
The available authentication options you’ll see on the next screen represent the login options allowed for your account which are set by your G suite administrator. They typically include authenticating with a physical device like your iPhone or android device, using a physical security key, or a text/voice message.
If you’ve been using your phone with your google account chance are it’s already paired for usage as two step authentication. If so, you’ll see it listed like this:
Using the Google prompt is the quickest way to authenticate your phone. When you login, it pops a message on your mobile device and asks if the login was you. You click “Yes” on that button and you’re authenticated.
Your device will be listed in this area if you have logged into your google account using your phone or mobile device anytime in the last 28 days. Most modern phones allow you to add your google account. You’ll need to check your phone settings for how to do that if your phone is not listed here.
If you’re not able to attach your device to your google account you can choose another option. That link toward the bottom of this setting page will allow you to choose a security key or text/voice message.
The easiest option here is to choose “Text Message or Voice Call.” You’ll see this screen:
Enter a phone number and choose the method you prefer, text or phone call, then click next. Google will text or call you with a code. Enter that code when prompted.
The final step will be to turn on authentication by clicking the “Turn On” link.
You’ll be brought back to the authentication settings screen and shown all the ways you are able to authenticate into your google account.
At this point, it’s a good idea to add additional authentication methods in case your phone dies and you can’t get texts or don’t have your phone on you at the moment.
I like using my 1Password app which is accessible on my computer and all other devices. For that method, you would choose AUTHENTICATOR APP in the list.
Once you choose setup under Authenticator App, a popup window will appear asking you to choose which device you have.
Choose your device and click next. Then you’ll be presented with a barcode you can scan with your authenticator app.
Check your authenticator app for instructions on how to scan barcodes with that app. Each one is slightly different.
Once you scan the barcode, your authenticator app will automatically give you a six digit code.
Click next on the google barcode setting. It will prompt you for that code. Enter the code and you’re all set. Remember, authenticator codes are valid for a short period of time, usually 30 seconds or less. If your code fails you may need to grab a new one. Your authenticator app will automatically reset it and give you another for use.
Each time you add a new method of authentication, Google will mark that as the default.
Again, the Google Prompt is the quickest and easiest way to authenticate. If this option is available to you, we recommend choosing it. Click the link for ADD GOOGLE PROMPT and you’ll see this popup:
Click “Get Started” and you’ll see this popup:
Again, if you’ve logged into your account with your phone over the past 28 days it will be listed here. If not, select “Use a different phone.” You’ll see a popup like this with simple instructions:
Follow the instructions for the device type you use. Once you’ve connected the Google App will recognize the login and bring you back to the previous window.
Google will send a message to your screen and ask you to click “NEXT” to test.
Google will send a prompt to your phone that looks like this:
Click the button YES and you’ll be authenticated. Again, this is the easiest method as it does not require a separate app or adding codes.
You’ll be returned to the Google security settings with the new method set to default.
As a final method of security, we recommend you grab the backup codes which can be saved in a doc or on your phone or printed and used in a pinch if all your other devices are not handy.
Click setup and you’ll see a popup with 10 codes, each an eight-digit number. You’ll have the option to print or download the codes. Keep them in a safe place. You can also access them again here in your security settings.
Congratulations, Google’s 2-Step Authentication is now setup!