Google 2-Step Verification

[jammin]

So Google recently introduced the option to add 2-step verification to all of your online accounts (gmail, blogger, adsense etc.).

 

What this basically means is that you can set yourself up so that when you sign into your account, you will not only need your password, but will also need a verification code that will be sent to (or generated by) your phone. As it is highly unlikely anyone trying to access your account will have both your password and access to this device, then it provides pretty strong security.

 

Note there are also backups should you lose your phone (printed backup codes + second phone). You can also choose to verify a certain computer for 30 days before having to enter a code again (useful for computers you use frequently).

 

I just switched my account over, and I think it is a neat feature.

 

Google has been verifying by phone in this way for a while for certain account setup procedures, something I am familiar with working for a web design company and setting up accounts for clients. So it's a logical step to introduce the option for logins as well.

 

What do you guys think?

Edited February 19, 2011 by jammin

[flareback]

I don't plan on using it. I realize this is probably a good thing but I really don't want to have to mess with it.

[Phil]

I have several accounts and will probably do this over time at my convenience. It's a good idea.

[SpeedCrazy]

It may be a good idea, but i dont like it. I dont have a cell phone and if i did would not want to give them its number. They already have access too way too much personal info of their customers.

[jammin]

I'm personally not too worried about them having my phone number, and I think it is worth it for the improved security it provides.

I am far more concerned with someone else getting access to all of my email and the other Google products I use than I am with what Google could potentially do with my phone number.

[SpeedCrazy]

1. I dont like giving out lots of personal info.

2. I don't so much mind giving it to companys for security reasons but if they were hacked (easy probably) all my info is their for the taking. So the less i give out the less can be stolen sold or otherwise distributed. Also the reason i hate facebook, all the info scam and privacy deals put me off joining.

3. Why do they need that info? Could they not just have me make a more complex password or multiple passwords? They want that info to sell. Why else do you think they offer 'FREE' accounts, you dont think its out of the goodness of their hearts do you? No, they are making money off us even if we think we have a free account. Dont you think facebook could fix all these privacy loopholes if they wanted to? But they dont want to, they are making money. None of these companies care about you or me, they want money. Everything they do every service they offer is to get them another dollar. If they truly cared about their customers they would have fixed all these 'bugs' long ago.

</rant>

[fire_storm]

I will probably sign up for it eventually but the problem I have with this I don't always have my cell phone with me and in an area with service and knowing Google they probably take your phone number and use it for advertising purposes.

 

I think they should also offer RSA Security tokens which basically do the same thing.

Edited February 19, 2011 by fire_storm

[CheeseMan42]

This looks like a good idea. I will have to look further into it.

[jammin]

I will probably sign up for it eventually but the problem I have with this I don't always have my cell phone with me and in an area with service and knowing Google they probably take your phone number and use it for advertising purposes.

 

I think they should also offer RSA Security tokens which basically do the same thing.

 

If you have a smartphone (I don't.. yep I have no need for one), then they use an app rather than using your phone number I believe. If you meant hardware tokens, then I doubt Google is going to provide millions of those for free (though I guess it could offer them for a small charge).

 

3. Why do they need that info? Could they not just have me make a more complex password or multiple passwords?

 

The problem with passwords (however complex), is that if someone gets hold of it somehow, it's as secure as no password at all. A phone is something you have to physically have on you at the time of login, so it's a bit different.

Edited February 19, 2011 by jammin

[WhenKittensATK]

It's a good idea, however I don't always have my phone with me

[xPETEZx]

1. I dont like giving out lots of personal info.

2. I don't so much mind giving it to companys for security reasons but if they were hacked (easy probably) all my info is their for the taking. So the less i give out the less can be stolen sold or otherwise distributed. Also the reason i hate facebook, all the info scam and privacy deals put me off joining.

3. Why do they need that info? Could they not just have me make a more complex password or multiple passwords? They want that info to sell. Why else do you think they offer 'FREE' accounts, you dont think its out of the goodness of their hearts do you? No, they are making money off us even if we think we have a free account. Dont you think facebook could fix all these privacy loopholes if they wanted to? But they dont want to, they are making money. None of these companies care about you or me, they want money. Everything they do every service they offer is to get them another dollar. If they truly cared about their customers they would have fixed all these 'bugs' long ago.

</rant>

Are you serious?

 

You say all this as you somehow expect companies to have your best intentions at heart. Wake up, nothing ANY company does is for you. NOTHING. Be it buying a tin of beans, or a car, NONE of the companies involved give 2 S**ts about you. They want your cash and thats it.

Why are you surprised that this is also true on-line?

 

If anything, by doing this google IS caring about you. This is something that is FREE. They make NO money out of you activating a feature like this. In fact, they had to PAY people to develop it.

 

As people have said, you can have thee most complex password in the world, if you fall victim to a key logger, BAM password captured account stolen.

 

This system plays perfectly to the security principle that to gain access to something it should require 1.) Something you know and 2.) something you have. (Like with your bank account, to get money out you need 1.) your PIN number 2.) your bank card)

 

 

So, you are SERIOUSLY misguided to think google give a c**p about your phone number. It is worth absolutely nothing to them.

 

You say you dont want to give your information out if you dont have to, well guess what, its all already stored in so many places which are probably far easier to hack than Google. (Your school, your Uni, your work, various goverments etc)

[SpeedCrazy]

I thank you for your scathing comeback.

 

You say all this as you somehow expect companies to have your best intentions at heart. Wake up, nothing ANY company does is for you. NOTHING. Be it buying a tin of beans, or a car, NONE of the companies involved give 2 S**ts about you. They want your cash and thats it.

Why are you surprised that this is also true on-line?

I understand this. I was not surprised. I am just saying that i dislike the system, if you work with a small company they respect their customers because they need you to survive, if you work with big companies they could care less, you can do nothing to them if they disrespect you and or sell your info.

 

If anything, by doing this google IS caring about you. This is something that is FREE. They make NO money out of you activating a feature like this. In fact, they had to PAY people to develop it.

Seriously? Sure they pay people to develop it, but if they got nothing back from this feature you think they would bother? With an app on your phone they can track the things you do the sites you vist and use that with their advertising services to try and make money off of you. And every FREE has a FEE in it. Tanstaafl. As you said THEY DONT CARE about you. You are a worm to make money off of or squash as they choose.

 

As people have said, you can have thee most complex password in the world, if you fall victim to a key logger, BAM password captured account stolen.

 

I said multiple passwords! I agree that that is still breakable but so is this. As for the key logger, if one gets you that is YOUR fault, not googles (or whoever) you should have firewalls and anti-spyware/virus/malware in place.

 

So, you are SERIOUSLY misguided to think google give a c**p about your phone number. It is worth absolutely nothing to them.

Google doesn't care what my phone number is but they can still sell it, lots of money is made off of telemarketing. Also your phone number can be used to find out a lot of info about you. Name, address, and i bet communications networks are alot more hackable than google, so someone gets your phone number, your provider, they bypass security or some places will sell this info, and look you up, they then have credit card, social security, address, bills all this info.

 

You say you dont want to give your information out if you dont have to, well guess what, its all already stored in so many places which are probably far easier to hack than Google. (Your school, your Uni, your work, various goverments etc)

Posted Image

Those places dont have a prerogative to sell my info. Plus if you havent gone to uni and all your work is basically your own business that rules out 2 of your 'easily hackable' places. Dont you think places like that would get into some trouble if they were hacked through negligence? And if you think a government would be easier to hack than google you must live in some third world place.