Good news for Google users outside of the United States: the internet giant has announced that Two-Step Verification is now available in 150 countries worldwide and 40 languages. You should use it. Really.
No, the feature, which is more generally referred to as two-factor authentication, doesn’t sound cool. In fact, it’s sort of a pain to set up. But it helps protect your Google account against phishing and some other security attacks — which is vitally important given how much data many people are storing on Google servers, and will only become more so.
Here’s how it works: after activating two-step authentication, whenever you attempt to log into your Google account you’ll be prompted for both your ‘regular’ password and a second password that’s only available via your phone. In other words, logging in requires both your password (which could potentially be phished) and a code from something you physically have (which is harder to get).
You can opt to receive this second code via smartphone, phone call, or SMS (it’s easiest to just use the smartphone app, which is available for Android, iPhone, and BlackBerry). And you can use a cookie to save that second token for thirty days, so you’ll only have to go through the process once a month on the computers you use frequently.
Of course, many applications and devices ask for your Google credentials (iCal, phones, tablets, whatever), and they don’t have this two-factor flow built in. For these, Google lets you create application-specific passwords — Google will spit out a unique string of random letters, you type them into the application’s password field and save it (you don’t have to memorize or write down this password). This process is probably the most confusing thing about two-step verification, but it’s not too tricky once you’ve done it a few times.