I've finally got round to setting up two-step verification for my Google account. I should have done it sooner after reading this account of hacking (http://www.emptyage.com/post/28679875595/yes-i-was-hacked-hard), but it's taken a while because it can be a pain.
The way it works is by combining a password with a verification code sent by a text message to confirm any major changes to your account. By itself it's just the slight extra hassle of keeping your phone with you when you make changes, like adding access for a new program.
In reality you can't use verification codes with a lot of programs, so you also need to generate a lot of one-shot passwords for each application. My mail programs on my phone and my desktop both use different passwords to my account password. If I give anything else access, like a laptop or tablet, that will need a new one-shot password too. If I try to get this password for my laptop while using my laptop browser for the first time, then that will need text verification to get into my account.
It is a hassle.
It's even more hassle because I'm forgetful. There's a good chance I could forget where my phone is. Or it could break or get stolen. So I also have to get some more access codes to account for that, print them off and store them somewhere. Not anywhere near a device, in case they're stolen with the device, but accessible enough that I can get them when I need them.
It is a pain, but even if you keep your password secure you can't be sure everyone else will keep your password secure (http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/). If you can get into your own account with no effort, how much effort is it going to take anyone else? You can decide for yourself if two-step verification is necessary for you by working out how much you might lose if your Google account were hacked.