Use Google two-factor authentication on the Apple Mac

Padlocks - handy for locking things!

I hate security. It drives me nuts. But I turned on two-factor authentication on Google just for the extra security. What happened next on my Apple Mac is an interesting story.

Any good password is impossible to remember and cannot be spoken. It is just a random string of letters, numbers and symbols. That is one reason why people use such simple passwords as ‘123456’, ‘password’ and others like them. You can Google the top passwords and get a list if you want. See how many of yours are on it.

A password manager like LastPass and 1Password are useful for generating complex passwords and storing them to save you having to remember Tu7-RfDsG!a162kMn and about 20 others you need on a regular basis to access your online accounts and services.

Having a good quality password is essential, but it does not provide the best security. Someone could still guess it, even if only through brute force by trying thousands of different combinations of characters. They could also steal it by hacking into an online computer system.

Once someone guesses or steals your password they can log in to your accounts and this could lead to loss of access yourself, and potentially loss of money, depending on the accounts they have access to.

One way to boost the security of online accounts is by using two-factor authentication (2FA or 2-step verification). What this means is that you use your mobile phone to approve anything that tries to access an online account like email, online storage, music streaming, online stores, banking and so on. Anywhere you log in with a user name and password.

When you use your computer to log in to your email using 2FA, a text message is sent to your phone with a code. You must enter this code into the computer to approve it and allow access. If you don’t, then access is blocked.

Since your phone is in your pocket, if someone else tries to access your account your phone will receive a text with a code. This alerts you to the fact that someone else is trying to access your account (bank, email, etc.), but because they don’t have the approval code to type in, they cannot log in. Even with your user name and password.

The code on your phone is the key that allows access.

To access an online account like a bank, shopping, email or whatever is protected with two-factor authentication, your phone is required,so make sure it is within reach. It is needed only once though, because after approving a computer, tablet, phone or app, it is remembered and you don’t need to approve it again.

The first time you enable two-factor authentication on something like your Apple ID or Google account, be prepared for a bit of hassle. This is because you are logged out of every service everywhere and must then approve everything.

Once this is done then everything is OK, but till then you must expect a lot of text messages, codes and logging in and out of accounts on your computer, phone, tablet and apps.

To enable two-factor authentication for Google, go to the Google home page and make sure you are logged in. Click Sign in if you are not. Click your profile photo in the top right corner and click My Account.

Click Sign in & security and then click 2-step Verification in the Password & sign-in method section. If you don’t have a phone number associated with your account, add one and then turn on 2-Step Verification. You will be sent a code that you enter and that sets up the security service.

Google 2-step verification

Setting up the security is straightforward, but now you will find that you are logged out of Google everywhere. If you use Google as your home page in Safari or Chrome for example, you will be locked out.

Google 2-step Verification

You must click the Sign in button to log back in. Then you will be sent a text message to your phone, which must be typed in to the browser to approve it.

Google 2-step Verification

That is a bit irritating, but isn’t a big deal. If you use the Mail app to access your Gmail account, it won’t work because it does not have approval. If you go to your Google account, go to 2-step Verification, there is a facility to allow Mail on the Mac or Mail on the iPhone or iPad to access your account again. It doesn’t work

Google 2-step Verification

It creates a new password that you must enter into your account in Mail and this approves the app and allows it access to your email messages. The problem is that there is nowhere to enter your password in Mail. Go to Mail, Preferences, Accounts and you can view every setting for Gmail, except your password. It isn’t there, even though Google says it is.

Google 2-step Verification

It seems that Google has out of date information on its website. The Mail password must be stored somewhere else on the Mac these days and Keychain is the obvious place. It can be run from Applications/Utilities/Keychain and there are several entries for Google. However, despite changing the old password to the new one, Mail would not fetch Gmail and it could not log in.

I fiddled around for ages trying to get Mail to access Gmail. Going to System preferences, Internet Accounts and clicking Google did not help because there is nowhere to enter the password Google provided.

The one thing that got Mail working again was to go to System preferences, Internet Accounts and delete the Google account. This only deletes information on the Mac, such as emails, calendars and so on. This is just a mirror of what is online and everything online is safe.

Google 2-step Verification

After deleting the Google account, it can then be added again. When you do this, it prompts you for your email address and password as usual.

Google 2-step Verification

Then your phone is sent a text message with a code, which you enter at the prompt.

Google 2-step Verification

I could not find a way to convert an existing Google account on the Mac, such as that used with Mail and Calendar, to a 2-step Verification one. The only thing that worked for me was to delete the whole Google account and add it again. It then did the security check via my mobile phone and once the code was added, Mail began syncing messages again.

It has to download every single email again because the old messages are deleted when the Google account is deleted. This can take several minutes, but eventually it gets all your Google Mail and you are back to normal.

Well, almost. If you use other Google apps and services, you might need to approve them too. For example, if you use the Google Drive app to sync a folder on your Mac’s disk with your online storage, you are logged out.

You must click the Google Drive icon in the menu bar and log in again. This triggers the 2-step Verification procedure and you must enter the code in the text sent to your phone. There may be other apps that require this.

It must have taken an hour to get everything working with 2-step Verification, but half of that time was spent trying to work out how to get the old Google account working. The best solution was to give up, delete it, and add it again.

Now everything is locked down and no-one can access my account. Unless they steal my phone, but then it is fingerprint protected.



Add new comment

By submitting this form, you accept the Mollom privacy policy.

Related items you will like...