Skip to main content

Securing Google Accounts

This step-by-step guide will explain how to secure your Google account with the use of multi-factor authentication (MFA). This is also known as two-step verification for Google accounts.


There are a variety of apps you might use with your Google account. Some examples include Gmail, YouTube, Workspace, Google Classroom and the Google Play Store or to sign in to an Android phone.

This guide includes screenshots of the Google website on a desktop computer, but the steps are similar even if you use a tablet or smartphone.

For more information on additional security features please visit Google’s website.

Multi-factor authentication

What is MFA?

Multi-factor authentication or MFA is a way to improve the security of your most important accounts. It requires you to produce a combination of two or more of the following authentication types before granting access to an account:

  • something you know
    (e.g. a PIN, password or passphrase);
  • something you have
    (e.g. a smartcard, physical token, authenticator app, SMS or email); and
  • something you are
    (e.g. a fingerprint, facial recognition or iris scan).

Two-factor authentication (2FA) is the most common type of MFA, requiring two different authentication types.

Why is it important to turn MFA on?

MFA makes it harder for cybercriminals to gain initial access to your account by adding more layers of authentication, requiring extra time, effort and resources to break. Think of adding MFA to your account like adding a locked security screen to your home. It provides you with an extra layer of protection from criminals trying to break in.

How do I turn MFA on?

How to turn on MFA depends on the software or service you are using. However, the steps are somewhat similar for most applications. Icons and language may differ slightly depending on the software or device you are using.

Turn on MFA for your Google Account

These steps will show you how to turn on MFA for your Google Account.

After you turn on MFA, you’ll need both your password and an additional authentication method to log in to your Google account. This could be a security code from an authenticator app, SMS, or phone call. Alternatively you could get a notification to the Google app on your smartphone.

MFA makes it harder for cybercriminals to access your account and it could also alert you to any suspicious activity. This means if your password is guessed or stolen and a cybercriminal is trying to login to your account, you will be sent a security
code or notification. This will prevent them from logging in to your account as they won’t have the security code or you can deny them entry if you use the Google app. You can then change your password to secure your account. If you don’t have MFA turned on, you may not get notifications on attempts to log in to your account.

This guide will show you how to set up MFA for your Google Account on your computer. If you don’t have access to a computer you can follow these steps on any device, however some screens may appear different than pictured.

1. Open an internet browser (for example Google Chrome, Microsoft Edge, Mozilla Firefox or Opera). Go to Google and select Sign In in the top right corner.

Securing Google Accounts - Step 1

2. Enter your email address and select Next. Then enter your passphrase and select Next.

Securing Google Accounts - Step 2

3. Select your user icon in the top right corner. Select Manage your Google Account.

Securing Google Accounts - Step 3

4. Select Security in the list of options on the left of the screen.

Securing Google Accounts - Step 4

5. Under the heading Signing in to Google, select 2-Step Verification.

Securing Google Accounts - Step 5

6. Read the information and select Get Started.<./p>

Securing Google Accounts - Step 6

7. Re-enter your passphrase and select Next.

Securing Google Accounts - Step 7

8. This is where you will choose how to set up MFA for your Google account. You can either enter your phone number to get security codes via SMS or phone calls, or you can use the Google app. We recommend using the Google app as it is more secure than using a phone number.

Securing Google Accounts - Step 8

The Google app will allow you to use your phone as an authentication method. That means whenever your Google account is signed in to, you will get a notification on your phone checking whether it is you. If it is you, you can select Yes to continue signing in. If it isn’t you, then you will know someone has your passphrase and is trying to sign in to your account. If this happens, change your passphrase as soon as possible.

If you have not set up your account in the Google app, follow steps 9-11. They show how to set up the Google app on an iPhone, but the steps are similar on Android devices. If you have already signed into the Google app on your smartphone, skip to Step 12.

9. Go to the App Store or Google Play Store and search Google.

Securing Google Accounts - Step 9a
Securing Google Accounts - Step 9b

10. Install the Google application and then open it.

Securing Google Accounts - Step 10

11. Sign in by entering your Google email address and then select Next.

Securing Google Accounts - Step 11a

Enter your passphrase and select Next.

Securing Google Accounts - Step 11b

You will then be signed in to the Google application. Follow the rest of the steps in this guide and the Google application will send you a notification whenever you sign in to your Google account, asking to confirm if it’s you.

Securing Google Accounts - Step 11c

12. Now you have signed into the Google application on your phone you will be able to select it to use with MFA. Under Show more options select Google Prompt.

Securing Google Accounts - Step 12

13. Check that you can see your phone and select Continue.

Securing Google Accounts - Step 13

14. Enter your phone number as a backup option in case you can’t access your Google application. Select if you would like to receive a Text message or Phone call and then select Send.

Securing Google Accounts - Step 14

15. Record your backup codes by downloading them, printing them or writing them down. Make sure you store them in a secure location. Select Next.

Securing Google Accounts - Step 15

16. Select Turn On. Your account will now have MFA enabled.

Securing Google Accounts - Step 16

17. From this screen you can see what phone is connected to your account and get another copy of your backup codes if required.

Securing Google Accounts - Step 17

Security tips for securing your Google account

We have included some additional security tips to help keep your account secure.

Content complexity
This rating relates to the complexity of the advice and information provided on the page.
Was this information helpful?
Was this information helpful?

Thanks for your feedback!


Tell us why this information was helpful and we’ll work on making more pages like it