Setting up Google MFA=Multi Factor Authentication (or 2FA)

Setting up Google MFA=Multi Factor Authentication (or 2FA)

Google in late 2021 is going to be enabling, and forcing MFA on all accounts:
Googles article on the enrollment process is here:

What it is going to do by default is if you have ever logged in with the Google App (on Android or iOS) will make that your default (and non-industry standard) Second Factor. For initial setup, that's fine but the problem is when (not if) you loose your mobile device and have to set it up again that's when things can go wrong.

If you don't have a backup way to get back into your account you can get locked out permanently (because google doesn't have a support number to call, especially for free accounts).

Google Workplace/G Suite/Google Apps or corporate accounts: Google currently says here:
that "NOTE: The automatic 2SV enrollment will not impact organizations on Google Workspace. Organizations on Google Workspace will continue to have the choice of enrolling their users in 2SV via the admin console." but I'm sure that policy will change at some point in the future. Especially for administrators

Summary: All possible options

Pre-Setup Todo

Uniquely name your mobile device (we'll be using this later)
  1. iOS: Settings | General | About | Make it something unique like "Name Phone type year purchased" eg "John iPhone 12 Pro 2021"
  2. Android: Settings | About | Device Name | Make it something unique like "Name Phone type year purchased" eg "John Pixel 4 XL 2021"

1. Get into settings

From a computer goto Then

2. Check and Update Account recovery information

Note: The phone and email here, if this is an old insecure email account (like AOL or mindspring) and hackers get into this account, they can use this to get into your google account!
Make sure it is accurate. Add current info, remove old info.

3. Setup 2-Step Verification with SMS

If you've never Installed the google app on your mobile device you won't see anything under "These devices can get prompts".

Add phone number

Turn on Google Account 2FA

4. Get Backup Codes

Used in the case of emergency. NOTE: Each code can only be used once! Get more before you run out if you use them

Save codes somewhere safe (password manager notes, print to paper etc)

5. Setup Authenticator App (TOTP)

Capture text info just in case


Optional for the security conscious: Remove SMS 2FA option