Google has unveiled a new, two-step Google Account sign-in process intended to provide an extra, optional layer of security.
Users who enable it will have to enter their passwords as well as a separate code that will be sent to mobile devices before gaining access to products like Gmail or Google Docs.
Google added this for Google Apps customers several months ago, but is now extending it to all users.
"There are plenty of examples (like the classic 'Mugged in London' scam) that demonstrate why it's important to take steps to help secure your activities online," Nishit Shah, product manager for Google Security, wrote in a blog post.
"Your Gmail account, your photos, your private documents—if you reuse the same password on multiple sites and one of those sites gets hacked, or your password is conned out of you directly through a phishing scam, it can be used to access some of your most closely-held information."
Google users will shortly see a new link on the Account Settings page that includes the new option, “Using 2-step verification.” Shah said it will probably take about 15 minutes to complete the set-up process.
“It's an extra step, but it's one that significantly improves the security of your Google Account because it requires the powerful combination of both something you know—your username and password—and something that only you should have — your phone. A hacker would need access to both of these factors to gain access to your account,” Shah said.
If you like, you can always choose a "Remember verification for this computer for 30 days" option, and you won't need to re-enter a code for another 30 days. You can also set up one-time application-specific passwords to sign in to your account from non-browser based applications that are designed to only ask for a password, and cannot prompt for the code.