Two step verification is quickly becoming the preferred means of authentication especially for the security minded out there who want that extra layer of security protecting their personal accounts or other information. Two step verification in general makes the end user provide a secondary means of authentication such as a one time passcode usually generated by a mobile device via an app of some sort that is connected to the account. As of late, I have been testing the Duo Security app with RDP and a few other uses and I have to say I have been really impressed with the seamless operation of the app.
The one disappointment I had trying to setup my Google account with Duo however was simply the lack of documentation. There is a Duo third party page that basically tells you that you can setup your third party providers with the Duo security app but they don’t detail how this is done. With this post, I want to step everyone through this process of setting up your Google account with Duo. It actually isn’t that difficult if the documentation would simply show where you do this on the Google side. Once you figure that part of the equation out, the rest is easy.
The first thing you have to do is visit the link: https://www.google.com/landing/2step/ which gets the process initiated on the Google account side. After you start the process, you will be asked to sign into your account. After signing in, the first thing you will be asked to do is verify your mobile number. This is done by making sure they have the correct number. After you verify the correct number is populated, hit the Send verification code to send the verification text message to your mobile phone.
Once you receive the text message, enter this is the verify field to move on with the 2-step process. Click the Start setup button on the page to start the 2-step enrollment. At this point there are 4 steps that need to be completed:
- Which phone should we send codes to? – On this step, they basically ask you if you prefer to send the verification via a text message or a voice call.
- Verify your phone – Here you will be asked to enter a text message verification code they send again to your mobile device. Click Verify
- Verification codes on this computer – You have the option to make the computer you use to sign up 2-step verification on a trusted computer. This means on this particular computer, you won’t have to enter the verification code each time you sign into your account.
- Confirm – The final step basically reviews the information with you and has you confirm your choice to turn on 2-step verification on your Google account
After you confirm your selection to enroll in the 2-step verification process, you will be taken to your security profile settings including settings we will use to select the Duo app to use as our verification means. Also, your Google account will prompt you that you may have apps now that are broken because of the 2-step enrollment. You will need to create an app specific password for your apps.
For instance, if you have the gmail app on your Android or other device connected to your account, you will notice that you will stop receiving emails. You can’t just reenter your password for your gmail account. You have to create an app specific password for that particular connection.
More on the above part in just a couple of screenshots. However, you will notice that under the Verification Codes tab under your 2-Step Verification settings that you will have the option to Get codes via our mobile app instead down towards the bottom. Click the Switch to app and you will be presented with a barcode that can be scanned and then from that, you enter the verification code it generates.
- This is where we use the Duo app instead of the Google authenticator app
You will be asked which type of device you want to connect
Open up Duo and click the little plus key symbol which will take you to the add account wizard and barcode scan screen. After you click the Continue button on the box above, you will see the barcode to scan. Scan the code with Duo and then use the Duo app to generate the code. Enter the code and then you should have a successful message below:
The second order of business will be revisiting the app specific passwords. As we mentioned above, your mobile apps such as your Gmail app are broken at this point. Using the App-specific tab, you can create an app-specific password that verifies your specific app on your phone. Click the Manage application specific passwords at the bottom of the App-specific passwords tab.
Name your app – something intuitive here is best.
You will get a screen that shows your 16 digit app specific password. Enter this password in your App that you are reconnecting. For instance your Gmail app.
Your apps such as Gmail on your Android will most likely start giving you the following in your system notifications about not being able to sign in.
After you enter the 16 digit code from the app specific passwords setup screen, you should once again be connected to your account.
Duo security is a great two-factor authentication app that I have really been impressed with. The RDP piece is awesome and the two factor authentication integration with Google and other third party apps is really seamless. I highly recommend everyone start moving to 2-step verification on anything that needs to be secure and these days that is just about everything. Do yourself and your identity a favor and get used to the 2-step process as we will most likely see this and other more secure authentication means gaining popularity and becoming more widespread.