Security Two-Step

I’ve finally got round to setting up two-step verification for my Google account. I should have done it sooner after reading this account of hacking http://www.emptyage.com/post/28679875595/yes-i-was-hacked-hard but it’s taken a while because it can be a pain.

The way it works is by combining a password with a verification code sent by a text message to confirm any major changes to your account. By itself it’s just the slight extra hassle of keeping your phone with you when you make changes, like adding access for a new program.

In reality you can’t use verification codes with a lot of programs, so you also need to generate a lot of one-shot passwords for each application. My mail programs on my phone and my desktop both use different passwords to my account password. If I give anything else access, like a laptop or tablet, that will need a new one-shot password too. If I try to get this password for my laptop while using my laptop browser for the first time, then that will need text verification to get into my account.

It is a hassle.

It’s even more hassle because I’m forgetful. There’s a good chance I could forget where my phone is. Or it could break or get stolen. So I also have to get some more access codes to account for that, print them off and store them somewhere. Not anywhere near a device, in case they’re stolen with the device, but accessible enough that I can get them when I need them.

It is a pain, but even if you keep your password secure you can’t be sure everyone else will keep your password secure. http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/ If you can get into your own account with no effort, how much effort is it going to take anyone else? You can decide for yourself if two-step verification is necessary for you by working out how much you might lose if your Google account were hacked.


4 Comments

  1. Ernest W

    Doing the Google Security 2 step


  2. Henning Rogge

    Do not forget to look into the “application specific” passwords afterwards. You will need them for instant messengers or IMAP/POP3 access.


  3. Ernest W

    I saw that. I have to figure out what services I’m using beyond G+.


  4. Henning Rogge

    Oh, you also should use the “app. specific” PW for your android phone if you have one. G

