Matt Cutts, head of Google's webspam team, wants to demystify the company's two-step authentication features in the wake of Mat Honan's recent online security debacle. In a new post on his personal blog, he explains that the added security of a two-step authentication process comes from the combination of "something you know" (like a password) and "something you have" (like a smartphone). The code is sent to your phone via SMS (or via a special authenticator mobile app), and since hackers won't have physical access to that phone, your account remains secure even if your password were to be compromised.
Cutts also dispels common misconceptions about Google's two-step authentication that might dissuade a user from giving it a try, pointing out that the company's process doesn't require a cell signal, or even a phone at all if you're willing to print out a code. While an SMS with a one-time-use authentication code can be delivered to any cell phone, Cutts also suggests the use of the Android Google Authenticator app, which can expedite the verification process. It's worth noting that not all apps support two-step verification, but you can set up app-specific passwords, which are themselves a secure function as well. The article encourages everyone who uses Google services to give two-step authentication a try, and includes the how-to video below (originally posted May 27th) to make the setup even easier.