Security Two-Step

I’ve finally got round to setting up two-step verification for my Google account. I should have done it sooner after reading this account of hacking http://www.emptyage.com/post/28679875595/yes-i-was-hacked-hard but it’s taken a while because it can be a pain.

The way it works is by combining a password with a verification code sent by a text message to confirm any major changes to your account. By itself it’s just the slight extra hassle of keeping your phone with you when you make changes, like adding access for a new program.

In reality you can’t use verification codes with a lot of programs, so you also need to generate a lot of one-shot passwords for each application. My mail programs on my phone and my desktop both use different passwords to my account password. If I give anything else access, like a laptop or tablet, that will need a new one-shot password too. If I try to get this password for my laptop while using my laptop browser for the first time, then that will need text verification to get into my account.

It is a hassle.

It’s even more hassle because I’m forgetful. There’s a good chance I could forget where my phone is. Or it could break or get stolen. So I also have to get some more access codes to take account of that, print them off and store them somewhere. Not anywhere near a device, in case they’re stolen with the device, but accessible enough that I can get them when I need them.

It is a pain, but even if you keep your password secure you can’t be sure everyone else will keep your password secure. http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/ If you can get into your own account with no effort, how much effort is it going to take anyone else? You can decide for yourself if two-step verification is necessary for you by working out how much you might lose if your Google account were hacked.




When he's not tired, fixing his car or caught in train delays, Alun Salt works part-time for the Annals of Botany weblog. His PhD was in ancient science at the University of Leicester, but he doesn't know Richard III.

4 Responses

  1. Ernest W says:

    Doing the Google Security 2 step

  2. Do not forget to look into the “application specific” passwords afterwards. You will need them for instant messengers or IMAP/POP3 access.

  3. Ernest W says:

    I saw that. I have to figure out what services I’m using beyond G+.

  4. Oh, you also should use the “app. specific” PW for your android phone if you have one. G