Introduction There are a variety of apps you might use with your Google account. Some examples include Gmail, YouTube, Workspace, Google Classroom and the Google Play Store or to sign in to an Android phone. This guide includes screenshots of the Google website on a desktop computer, but the steps are similar even if you use a tablet or smartphone. For more information on additional security features please visit Google’s website. Multi-factor authentication What is MFA? Multi-factor authentication or MFA is a way to improve the security of your most important accounts. It requires you to produce a combination of two or more of the following authentication types before granting access to an account: something you know (e.g. a PIN, password or passphrase); something you have (e.g. a smartcard, physical token, authenticator app, SMS or email); and something you are (e.g. a fingerprint, facial recognition or iris scan). Two-factor authentication (2FA) is the most common type of MFA, requiring two different authentication types. Why is it important to turn MFA on? MFA makes it harder for cybercriminals to gain initial access to your account by adding more layers of authentication, requiring extra time, effort and resources to break. Think of adding MFA to your account like adding a locked security screen to your home. It provides you with an extra layer of protection from criminals trying to break in. How do I turn MFA on? How to turn on MFA depends on the software or service you are using. However, the steps are somewhat similar for most applications. Icons and language may differ slightly depending on the software or device you are using. Turn on MFA for your Google Account These steps will show you how to turn on MFA for your Google Account. After you turn on MFA, you’ll need both your password and an additional authentication method to log in to your Google account. This could be a security code from an authenticator app, SMS, or phone call. Alternatively you could get a notification to the Google app on your smartphone. MFA makes it harder for cybercriminals to access your account and it could also alert you to any suspicious activity. This means if your password is guessed or stolen and a cybercriminal is trying to login to your account, you will be sent a security code or notification. This will prevent them from logging in to your account as they won’t have the security code or you can deny them entry if you use the Google app. You can then change your password to secure your account. If you don’t have MFA turned on, you may not get notifications on attempts to log in to your account. This guide will show you how to set up MFA for your Google Account on your computer. If you don’t have access to a computer you can follow these steps on any device, however some screens may appear different than pictured. 1. Open an internet browser (for example Google Chrome, Microsoft Edge, Mozilla Firefox or Opera). Go to Google and select Sign In in the top right corner. 2. Enter your email address and select Next. Then enter your passphrase and select Next. 3. Select your user icon in the top right corner. Select Manage your Google Account. 4. Select Security in the list of options on the left of the screen. 5. Under the heading Signing in to Google, select 2-Step Verification. 6. Read the information and select Get Started.<./p> 7. Re-enter your passphrase and select Next. 8. This is where you will choose how to set up MFA for your Google account. You can either enter your phone number to get security codes via SMS or phone calls, or you can use the Google app. We recommend using the Google app as it is more secure than using a phone number. The Google app will allow you to use your phone as an authentication method. That means whenever your Google account is signed in to, you will get a notification on your phone checking whether it is you. If it is you, you can select Yes to continue signing in. If it isn’t you, then you will know someone has your passphrase and is trying to sign in to your account. If this happens, change your passphrase as soon as possible. If you have not set up your account in the Google app, follow steps 9-11. They show how to set up the Google app on an iPhone, but the steps are similar on Android devices. If you have already signed into the Google app on your smartphone, skip to Step 12. 9. Go to the App Store or Google Play Store and search Google. 10. Install the Google application and then open it. 11. Sign in by entering your Google email address and then select Next. Enter your passphrase and select Next. You will then be signed in to the Google application. Follow the rest of the steps in this guide and the Google application will send you a notification whenever you sign in to your Google account, asking to confirm if it’s you. 12. Now you have signed into the Google application on your phone you will be able to select it to use with MFA. Under Show more options select Google Prompt. 13. Check that you can see your phone and select Continue. 14. Enter your phone number as a backup option in case you can’t access your Google application. Select if you would like to receive a Text message or Phone call and then select Send. 15. Record your backup codes by downloading them, printing them or writing them down. Make sure you store them in a secure location. Select Next. 16. Select Turn On. Your account will now have MFA enabled. 17. From this screen you can see what phone is connected to your account and get another copy of your backup codes if required. Security tips for securing your Google account We have included some additional security tips to help keep your account secure. Add a recovery email or phone number A recovery email or phone number is used to help you get back into your Google Account if you can’t sign in. For more information see Google’s website. Use enhanced safe browsing Enhanced safe browsing is a way to help protect you against malware and phishing across your Google account. It will help protect you if you are using Google Chrome or Gmail. For more information see Google’s website. Don’t share MFA codes or approve unknown sign in attempts Requests for sign in approval and the security codes you get are Google’s way of checking that you are the person who signed in. If you give someone else your MFA code or approve unknown sign in attempts, then someone else might be able to log into your account. Never approve unknown sign in attempts or give anyone else your MFA code. Remember to transfer your authenticator when you change devices If you are using an authenticator app or Google’s app for MFA and you get a new device, make sure you transfer it to your new device before disposing of or resetting the old one. If you lose access to your authenticator app it could be difficult to regain access to your Google account. We recommend adding a recovery method to your account and saving your backup codes in case you lose access to your authenticator app. Keep your apps up to date For security reasons it is important to keep your apps up to date. Whenever you are logged into your account, make sure the apps are up to date, whether it be an internet browser or email or other apps on your phone. Updates often include important security upgrades. Keep your OS up to date It is also important to keep your operating system up to date. Updates will have important security upgrades. Ensure that all computers and phones have the most recent version of software and if a device is no longer supported by software updates or security updates, consider replacing it. Do a Security Check-up of your Google account Go to the security settings on your Google account to complete a Security check-up. This will give you personalised security recommendations for your Google account. You can also review which devices you are signed in on and identify suspicious login activity. Security Checkup. Use Google’s Password Manager This is a built in password manager in the Google Chrome browser and Android smartphone operating system. You can save your username and password login credentials for different websites and then automatically fill them in so you don’t have to remember them. This function will also give you the option to generate strong passwords when creating accounts or changing passwords. For more information see Google’s website.
