Skip to main content

Misconceptions of Google Two-factor Authentication Debunked

Last week former Gizmodo writer Mat Honan found his iCloud account compromised which the hackers used to reset his Gmail password. They then gained control of his Twitter account and used it to broadcast racist and homophobic messages. The hackers also remotely erased all of the data on his iPhone, iPad, and MacBook from his Apple account. “In the space of one hour, my entire digital life was destroyed”, says Mat Honan.

Like most people Honan had his accounts daisy-chained together. Getting into one account allowed the hackers to get into the others. “Had I used two-factor authentication for my Google account, it’s possible that none of this would have happened, because their ultimate goal was always to take over my Twitter account and wreak havoc.”

The email account is the most important of all accounts. When you lose control of your email you lose your online identity. But the consequences are usually deeper and often affect your life outside of the Internet. The hackers have access to every sensitive information that is important to you – your credit card numbers, bank account information, your social account, medical info and more.

It’s been a while Google added two-factor authentication ability to Google accounts but not many people are using it because they think it’s a big inconvenience. Sure, it’s a hassle to setup but the enhanced security you get, and not to mention the peace of mind, is worth it. Besides, once you’ve authorized all your devices using two-factor authentication you don’t have to enter the PIN every time you login. Only when you try to login using another machine that the SMS-PIN code becomes necessary.

Matt Cutts, in his recent blog post, answers some of the frequently asked questions and clears doubts people have regarding two-factor authentication.

Myth #1: But what if my cell phone doesn’t have SMS/signal, or I’m in a foreign country?
Reality: You can install a standalone app called Google Authenticator (it’s also available in the App Store), so your cell phone doesn’t need a signal.

Myth #2: Okay, but what about if my cell phone runs out of power, or my phone is stolen?
Reality: You can print out a small piece of paper with 10 one-time rescue codes and put that in your wallet. Use those one-time codes to log in even without your phone.

Myth #3: Don’t I have to fiddle with an extra PIN every time I log in?
Reality: You can tell Google to trust your computer for 30 days and sometimes even longer.

Myth #4: I heard two-factor authentication doesn’t work with POP and IMAP?
Reality: You can still use two-factor authentication even with POP and IMAP. You create a special “application-specific password” that your mail client can use instead of your regular password. You can revoke application-specific passwords at any time.

Myth #5: Okay, but what if I want to verify how secure Google Authenticator is?
Reality: Google Authenticator is free, open-source, and based on open standards.

Myth #6: So Google Authenticator is a free and open-source, but does anyone else use it?
Reality: Yes! You can use Google Authenticator to do two-factor authentication with LastPass, Amazon Web Services, Drupal, and DreamHost, or even use a YubiKey device.

Have you setup two-factor authentication on your Google account?

Comments

Popular posts from this blog

How to Schedule Changes to Your Facebook Page Cover Photo

Facebook’s current layout, the so called Timeline, features a prominent, large cover photo that some people are using in a lot of different creative ways. Timeline is also available for Facebook Pages that people can use to promote their website or business or event. Although you can change the cover photo as often as you like, it’s meant to be static – something which you design and leave it for at least a few weeks or months like a redesigned website. However, there are times when you may want to change the cover photo frequently and periodically to match event dates or some special promotion that you are running or plan to run. So, here is how you can do that.

69 alternatives to the default Facebook profile picture

If you have changed the default Facebook profile picture and uploaded your own, it’s fine. But if not, then why not replace that boring picture of the guy with a wisp of hair sticking out of his head with something different and funny?

How to remove watermark from an image or picture

A watermark is any recognizable text, logo or pattern that appears over an image to identify the owner of the image and generally used to prevent unauthorized reuse of the image. Watermarks are usually transparent and can be difficult to remove. The difficulty or ease of removal depends on the content of the image and the position, color, size etc of the watermark.