Google and 2 factor

Main menu:

Topics

Recent Posts

Blog

April 2012
M T W T F S S
« Mar   May »
 1
2345678
9101112131415
16171819202122
23242526272829
30  

Past Posts

Java/Java EE

JDBC

Other

Google and 2 factor

April 15th, 2012 by Jeanne Boyarsky

Don’t want someone else sending e-mail as you? Don’t want someone reading your e-mail? Don’t want your email hacked? Then why do you only protect you e-mail with a flimsy (or not so flimsy) password?

It’s scary what someone could do with your e-mail. Luckily, Google has been offering 2-factor authentication for over a year.

How it works

When you turn on 2 factor, Google asks you what options you’d like to turn on as a secondary authentication channel.  I use the following (in order of preference):

  • Google Authenticator iPad application
  • phone call to mobile phone
  • text to mobile phone
  • written down one time use passwords

Normal inconveniences

Security is more work than being non-secure.  That’s why my password isn’t “jeanne”.  It’s one that I have to actually remember.  When I first turned this on, there was less than an hour of initial inconvenience.  Which consisted of:

  • reading about 2 factor
  • turning on 2 factor
  • entering the second code for the three devices on which I regularly use gmail
  • creating an “one application only” password for the apps that use google sign on but don’t support two factor
How to turn on 2 factor
Since the Google blog entry, gmail has a new interface and of course the 2 factor settings have moved.  To get to them now, go to your main Google account settings page and choose 2 factor.
A funny story
A few months ago, I moved and didn’t have the internet at home for over a week.  I was using my wifi iPad for the internet for the most part.  One day I needed to do something that required a real browser.   My employer bans gmail so I went to the library “to check my e-mail.”  I signed up for a computer spot at the library using my library card.  I logon to gmail and get prompted for a second factor.  Dang.  I didn’t bring my iPad or one time use passwords to the library and there is no cell phone reception to get the code the other ways. And if I get up, someone could take my computer spot.  It worked out ok, I asked someone to watch my spot and ran outside to get reception and get the code.  It’s more secure though!
Overall

I’m happy with 2 factor.  It’s such a minor inconvenience to have it on that it is more than worth the extra security on my account.

Comments

Comment from Radek
Posted: April 15, 2012 at 4:49 pm

I didn’t know it existed. Thanks for letting us know. I’ve turned it now on.

Pingback from logging onto a chromebook with two factor | Down Home Country Coding With Scott Selikoff and Jeanne Boyarsky
Posted: August 12, 2012 at 10:50 pm

[...] onto a chromebook with two factor August 12th, 2012 by Jeanne Boyarsky I have 2 factor authentication set up on my gmail.  Needless to say signing on with my id was not the first thing I did with the Chromebook!  But [...]

Pingback from blogging from owasp security meetup | Down Home Country Coding With Scott Selikoff and Jeanne Boyarsky
Posted: June 14, 2013 at 1:50 pm

[...] Different passwords for all sites, password management system. Beyond what the average person will do. Need to hold system accountable. Shouldnt be able to email password to user.  [I’m surprised nobody mentioned two factor for email – I use that for gmail. [...]

Pingback from github and two factor authentication | Down Home Country Coding With Scott Selikoff and Jeanne Boyarsky
Posted: April 12, 2014 at 9:23 am

[…] years ago, I set up two factor authentication for my gmail account.  Last year, github announced the ability of two factor.  I hadn’t noticed at the time. […]

Pingback from enabling more two factor – dropbox, linked in, twitter and yahoo | Down Home Country Coding With Scott Selikoff and Jeanne Boyarsky
Posted: April 12, 2014 at 10:11 am

[…] had two factor for gmail enabled for two years.  This morning, I set up two factor for github.  Due to Heartbleed (check […]

Pingback from 2-factor authentication and twitter | Down Home Country Coding With Scott Selikoff and Jeanne Boyarsky
Posted: April 12, 2014 at 10:24 am

[…] had two factor for gmail enabled for two years.  This morning, I set up two factor for github and some others due to […]

Write a comment