Google getting serious about security.

Discussion in 'Current Events' started by dragonbite, Feb 4, 2011.

  1. dragonbite

    Just the other day I had my account closed due to "suspicious activity". When I got it re-opened I saw information on setting up 2-step authentication.

    This 2-step authentication means you use your username/password like everybody else, but then there is an additional validation code you have to enter. If you have ever used an RSA key fob, this is similar but doesn't require anything specialized, just a phone.

    So when you log in using your username and password a page comes up requesting your validation code. Meanwhile Google either calls or texts the phone(s) you set up when turning on 2-step, with a validation code. Enter that in the box and you're good to go.

    So if a hacker has your username/password, they still can't get in without your phone!

    What about if you don't have either phone accessible? When the account is set up Google also associates 10 8-digit validation codes which are one-time use and in a printable format for putting in your wallet.

    What about applications, such as email clients, instant messengers, photo gallery software, calendars and other installed programs? They thought of these too.

    Once you have 2-step authentication set up, you can set up application passwords. These are randomly generated passwords that you name and use with an application to access your account. Instead of your account password being passed by these applications, this randomly generated password is used instead.

    The great thing about this is you can create a number of them and if any of them get compromised, it doesn't give access to your overall account. Only with the use of the 2-step authentication (i.e. your phone) can somebody get into your account and make changes.

    You can name the application password any way you want. I am thinking if I set up one for each system (e.g. "Desktop", "Laptop", etc.) then that way if one gets compromised I will be able to know which system got it, and easily create temporary ones like in case I have to use a friend's system for a while, etc.

    I think this is a great idea for Google, as more and more of our lives are ending up in the cloud. It may seem like a pain at first, but as they say "an ounce of prevention is worth a pound of cure"! Not to mention, if you use client applications predominantly then the time spent in the beginning will make your account more secure and you really won't see a difference when it is all done and set up.
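
The scheme described in the post above (ten single-use 8-digit backup codes, plus named application passwords that can be revoked one at a time) can be modelled as follows. This is an added example, not part of the original post and not Google's implementation; the `Account` class, its method names and the SHA-256 storage are assumptions made for illustration.

```python
import hashlib
import secrets


def _digest(secret: str) -> str:
    # Assumption: the server keeps only a hash of each secret. A real service
    # would use a salted, slow KDF; SHA-256 keeps the example short.
    return hashlib.sha256(secret.encode()).hexdigest()


class Account:
    """Hypothetical server-side record of second-factor fallbacks."""

    def __init__(self):
        self.backup = set()        # hashes of backup codes not yet used
        self.app_passwords = {}    # user-chosen name -> hash of the secret

    def issue_backup_codes(self, count=10, digits=8):
        # Draw until we have `count` distinct codes, then show them once
        # (the printable wallet sheet); only their hashes are retained.
        codes = set()
        while len(codes) < count:
            codes.add(f"{secrets.randbelow(10 ** digits):0{digits}d}")
        self.backup = {_digest(c) for c in codes}
        return sorted(codes)

    def redeem_backup_code(self, code: str) -> bool:
        # One-time use: a code that matches is deleted as it is accepted.
        h = _digest(code)
        if h in self.backup:
            self.backup.discard(h)
            return True
        return False

    def create_app_password(self, name: str) -> str:
        # Random secret handed to one client (mail, IM, calendar) in place
        # of the account password; the name records which system holds it.
        secret = secrets.token_urlsafe(16)
        self.app_passwords[name] = _digest(secret)
        return secret

    def check_app_password(self, secret: str):
        # Return the name of the matching entry so a login can be traced to
        # the system it was issued for; None if unknown or revoked.
        h = _digest(secret)
        return next((n for n, v in self.app_passwords.items() if v == h), None)

    def revoke_app_password(self, name: str) -> None:
        # Revoking one entry leaves every other client working.
        self.app_passwords.pop(name, None)
```
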
     
