How To Set Up 2-Step Authentication For Gmail and G-Suite (Google Apps)


Using 2-Step Verification / 2-Factor Authentication is a good way to protect your Gmail or G-Suite (Google Apps) email and documents, even if someone steals or guesses your password.

For G-Suite/Google Apps users, an admin must first enable users to sign themselves up for 2-Step authentication. Personal Gmail users can already turn on 2-Step Authentication.

To Turn On 2-Step Authentication for Your Account:

  1. Go to google.com/2step, then click GET STARTED in the top right, then scroll down and click GET STARTED again on the next page.
  2. Sign into your account. On the next page, click TRY IT NOW.
    1. If your phone prompts you to press Yes or No, tap YES.
  3. Enter a phone #. It’s best to use a number other than your cell # (such as a home/work phone that you have access to at this point). If that phone can only get calls, not texts, click CALL ME, then click NEXT.
  4. You will get a call/text with a code. Enter the code on the sign-up page, then click NEXT. On the next page, click TURN ON.
    1. If prompted to, re-enter your password on the page, then click Next.
    2. You will receive a notification on your phone that there is a password/login problem.
      1. If you use Gmail for this account’s email on your phone:
        1. Tap that notification, and tap Update Password.
        2. You will receive a call/text with a one-time code. Enter the one-time code in the box.
          1. Thereafter, you won’t need to enter codes to use the Gmail app on your phone.
      2. If you use an email app other than Gmail on your phone, such as a built-in Email app or iPhone Email:
        1. You will need to set up an App Password for that app only. See Step 10—Set up an App Password, below.
  5. Recommended: Install Google Authenticator app on your phone, so even when you don’t have cell signal, you can generate codes to enter for your 2nd step.
    1. Scroll down to Google Authenticator app, and click SET UP.
    2. Click Android (or iPhone) then click NEXT.
    3. Click the Play Store (or App Store, for iPhone) link, then click INSTALL.
      1. If using an Android phone: Choose your primary cell phone from the drop-down list of phones, then click INSTALL.
      2. If using an iPhone: Click Install, then follow the prompts to install the Google Authenticator app on your phone.
    4. The Authenticator app should install in a few seconds (if on WiFi). Then open the Google Authenticator app on your phone.
      1. Tap BEGIN, then tap SKIP, then tap SCAN A BARCODE.
        1. If prompted to, tap ALLOW to allow the app to use your phone’s camera.
      2. On the computer, close the Play Store/App Store browser tab, to show the Set up Authenticator page.
      3. Point your phone’s camera at the QR/bar-code on the computer screen to scan it.
        1. The Authenticator app should now show your email address/account on your phone.
      4. Click NEXT on the computer. The Authenticator app on your phone should show a code—you may need to open the app to see it.
        1. On the computer, type the code shown in the Authenticator app into the ‘Enter code’ box on your computer, then click VERIFY, then click DONE.
  6. Recommended: Test 2-step Verification:
    1. Sign out of gmail.com or another google site: click the circle in the top right with your first-initial or picture in it, then click Sign out.
    2. Sign back into gmail, enter your password on the page, then click Next.
      1. If prompted to enter a code on the next page:
        1. If using the Authenticator app or a text to cell phone:
          1. You should see a code in your phone’s notifications if using your cell, or you may need to open the Authenticator app to see the code.
        2. If you set codes to go to a phone number in step 3 above and haven’t installed the Authenticator app, you will get a call on that number, telling you the code.
        3. Type the code in the Enter code box on screen.
      2. If prompted to ‘Simplify 2-Step Verification with a Single Tap’:
        1. Recommended: Click TRY IT NOW, then continue to step 7, below.
        2. Not Recommended: If you prefer to continue using codes: click skip.
  7. Recommended: Add Google Prompt (in the middle of the page), then click GET STARTED, so that you can just tap a prompt on your phone to sign in.
    1. A phone or tablet model name will be shown. If it’s your main phone, click Next.
      1. If it’s not your main phone, click the down arrow next to the phone/tablet name, and choose your main phone.
      2. If your phone doesn’t yet lock with pin code, pattern, or fingerprint, you’ll be prompted to enable one of those phone locks.
  8. Tap YES to the prompt on your phone, then click DONE on your PC.
  9. Optional: If you use Outlook or an email app (other than the Gmail app), you must set up an App Password for it, since it can’t prompt you for a code or tap. Only do this on trusted computers, such as at work.
    1. Go to security.google.com/settings/security/apppasswords.
    2. Click Select App → Mail, then click Select Device → Windows Computer (or Mac, etc), then click Generate.
    3. Copy the App Password from the page and paste/type it into the password prompt in Outlook or other app.
  10. Recommended: Print out Backup Codes in advance, to keep in a safe place, in case your phone is lost or stolen and you’re not near your backup phone.
    1. Go to myaccount.google.com/signinoptions/two-step-verification.
    2. Scroll down to Backup Codes, and click Print Backup Codes, then click Print.

Phone Security

From now on, when you log into Gmail/G-Suite on a PC, you will get a prompt on your phone, and tap YES to confirm it’s you.

Now, if a computer you use gets infected with spyware and captures your password, or if someone steals or guesses it, they still can’t get into your account!

Setting up a backup phone number to receive codes on, as shown above, gives you a backup 2nd step you could use to finish logging in, in case you left your cell at work or home.

Installing the Authenticator app, as shown above, avoids using the cellular texting network, which in rare cases has been compromised to steal texts/codes. Authenticator also lets you still sign in if your cell phone doesn’t have signal (which Google Prompt/Tap-to-sign-in requires).

For the highest level of security, such as for banks, you can buy and use a separate Security Key device, which you plug into your USB port, or connect to your phone or computer via Bluetooth, in order to log in. These have no storage, so they can’t get infected by spyware, as a phone or computer could.