two factor and google voice

I’ve been using two factor authentication for a number of years.  I like when services offer a choice of two factor options. Or the common Google Authenticator app. Less of a fan of SMS required two factor. If I lose my phone or number, I can’t two factor authenticate to a few services. The most recent being Venmo. Ironically, Venmo wouldn’t let me change.

One of my friends has used Google Voice for phone for years. I decided to switch to a Google Voice number. This gives me a few advantages:

  • phone rings on multiple devices
  • texts get turned into email which means I can view them on multiple devices (nice for two factor)
  • I’m decoupled from my cell phone number for two factor

Today I’m switching over a bunch of services to use a different phone number for two factor. This table shows the services I can think of where I use two factor.

Interestingly, having possession of the original phone number was not necessary for any of the services. So I could have done this even if I had lost my phone. I had enough other options set up for two factor. Also ironically, I couldn’t switch Venmo which motivated all this. I can close the account though so if this ever becomes a problem…

Service Two Factor Options How Switching Went
Google

(original blog post)

Authenticator, SMS, phone, codes, key, Google prompt Google knew my number in my profile, but I still had to verify to set in profile. And again when wetting as my two factor option. Emailed that changed number.
Amazon

(original blog post)

Authenticator, phone, SMS Under my account added a mobile number. Confirmed with SMS text verification.
Twitter

(original blog post)

Authenticator, SMS, security key, backup code Went to mobile and clicked edit to change number. I didn’t enable SMS, but now it has the right number in case I need it as a one off. Confirmed with SMS text verification.
Facebook Authenticator, SMS, codes, key Went to security and use two factor. Added Google voice and backup. Emailed that added number.

(Only allowed SMS last I looked. Good improvement).

Venmo Just SMS Won’t accept my Google voice number and gave an error that it needs a mobile number. 
GitHub (original blog post) Choice of authenticator, SMS, security keys, recovery tokens (other site), and recovery codes (strings) Clear existing number. Set new Google voice number. Enter code texted to new number. GitHub also emailed me that I added and removed a SMS number.
PayPal

(original blog post)

SMS, phone Confirming my landline number, it had me type a code when they called instead of supplying a code read to me. This seems more secure. Good! The new number was added as unconfirmed. I clicked confirm to get a text to confirm it.
LinkedIn

(original blog post)

SMS I couldn’t find the two factor page without a direct link. I scrolled up and added a phone number. After confirming the verification code, it automatically made the new phone number primary. I couldn’t delete the original since it is used for two factor. So I went to the two factor section and changed the number. it sent me a code again. Then I finally went back and deleted the original number. And for every one of those operations, I had to enter my linked in password. This felt excessive.
DropBox

(original blog post)

Authenticator, SMS, codes, physical device Went to settings and changed my number. I had to enter my authenticator code but not verify possession of the phone number. Emailed that changed two factor settings.
Yahoo

(original blog post)

Email, phone, text Went to account to try to change number. Got an error that it can’t accept a VOIP number. I was able to change it my land line. I use Yahoo almost never so it doesn’t matter whether this is convenient. Emailed that removed and added number.
Slack Authenticator Added my phone number. No verification required.
Apple

(original blog post)

Various Added a trusted phone number and confirmed code. Verified with my computer as well as the code. Removed original number. Emailed that number changed

creating my first video

When I was at Oracle Code New York in March, Bob Rhubart asked me if I’d be up for creating a “two minute tech tip”. It’s a two minute video that you record yourself presenting a tip tip. I said I’d think about it. I didn’t do anything with it.

I wasn’t worried about content. I’m a Toastmaster. We do 1-2 minute talks frequently for practice. They are called Table Topics. With the two minute tech tip, I’d get to pick the topic so in that respect it is easier.

So what prevented me from actually creating the video? There were three things:

  1. I’ve never liked watching myself on video. And I’m better when I can at least pretend I don’t know I’m being recorded. Looking at the camera doesn’t help with that.
  2. I’d never created a video using my computer and didn’t know how.
  3. I live in a studio apartment in New York City. As you might imagine, these apartments aren’t known for having lots of space. Which means I frequently need to move things. I figured creating a video would be a lot of moving things around.

Now that I’m speaking at Oracle Code One, Bob asked again. This time about a video interview and/or a two minute tech tip. Since Oracle listed me as a featured speaker, me being too lazy to deal with problem 2 and 3 feels like a weak argument! And problem #1 is just something I have to live with. I haven’t let it prevent me from having conference sessions recorded so this is no different.

Creating a video

Creating a video (at least on Mac), turned out to be really easy. QuickTime Player has a “new movie recording” option. It really was as easy as sliding the webcam cover over so I don’t have a solid black image and pressing record. That was a silly thing to have as an impediment. It was a non-issue.

Getting ready

I also overestimated the complexity of getting ready in my mind. When I do a Skype video call with a friend or even my teammates, I just turn on the camera and go. That’s not what I want on youtube though. Luckily, it wasn’t that different. What I did:

  1. Move my five foot tall oscillating fan so it isn’t in the background. I don’t think it is terrible to have this in the background, but it wasn’t a big deal to move. (I also had to move two things in front of it to get to it.
  2. Move a couple of things on my eating area table so they aren’t in the frame. The napkin holder created glare, so this actually was necessary.
  3. Angle the laptop two inches to get the wall of the eating area table out of the frame. This made the background solid instead of a light switch and (two different colors.)
  4. Move my chair two inches so my head/body is covering the lamp behind me.
  5. Adjust lighting – during the day, having the lamp behind me off and the table lamp on was just perfect.
  6. Clear off table so don’t see papers on it (this allows my head to be in the middle of the camera angle)

eclipse photon (4.8) for the mac

eclipse.org went with a mountain peaks as the website theme for the release of Photon. Fun and fitting. The Eclipse site prompted me about the cookie use policy. Another change since last year, but not unexpected.

The matrix comparing the packages is still clear. The Java version is a subset of the Java EE version. I chose the later since it has the JavaScript tools built in. Unlike the last few years, a sponsored/commercial version wasn’t featured prominently. In fact, I didn’t notice one at all. Vaadin and JRebel do show as sponsored/promoted plugins in Eclipse Marketplace though so no risk forgetting about them!

Installing

I like to download and install a fresh Eclipse so I don’t have random plugins I’ve tried throughout the year. I downloaded the installer first which is a nice small, well relatively small, (55MB) file. I choose “Eclipse IDE for Java EE Developers” and an installation folder. This took a few minutes. I saw messages go by about it being slower than usual to download Eclipse plugins from various servers. Presumably because Photon has only been out a few days and lots of people are downloading.

I got a prompt from Oomph to accept /plugins/org.eclipse.rse.ui_3.3… as unsigned content. I accepted, but was a little surprised.

Then I was able to open Eclipse

 

Installing the plugins

Already installed were:

  • m2e (maven)
  • BuildShip (gradle)
  • EclEmma (code coverage)
  • JUnit (3, 4 and 5)
  • eGit (git)

The significant plugins I chose to re-install are listed in this table.

Plugin Purpose
Eclipse Tomcat Plugin One click launch for recent versions of Tomcat. (This is the successor to Sysdeo and Mongrel)

Problem/resolution

I got a PKIX error. But clicking through it still allowed me to install so I didn’t have to update the certs or anything.

Unable to read repository at https://devtools.his.de/tomcatplugin/updatesite/content.xml.

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

This is a known issue. In my case, it was caused by the eclipse.ini automatically picking up my Java 11 early access install. After changing it to point to Java 8, things went better. This allowed it to pick up the cryptography jars and work as expected.

SonarLint I reply heavily on SonarLint. It gives you static analysis findings in Eclipse. I also included the SonarLint Java Configuration Helper so it can see the version of Java I am using. (I”m on Java 8 right now so this is redundant at the moment. But I’m ready for when Java 9 comes out.)
Subclipse I trouble with Subversive in Eclipse Oxygen so I switched to Subclipse. I would have needed to switch this year regardless as Subversive is no longer supported.
Eclipse Memory Analyzer For finding memory leaks.
Freemarker IDE Freemarker syntax highlighting and macro assistance. Unlike with Eclipse Oxygen, this worked on the first install attempt.
Pydev Python plugin/perspective
Contrast To spot potential security issues. See my impressions of the Contrast plugin.
Bytecode Outline I’ve been looking at bytecode a good fit for the book to make sure I understand why things are happening. This plugin makes it easy. The version number has hex towards the end; maybe the number from github?
Pitclipse For mutation testing coverage

 

What excites me

  1. When searching using open resource/type, exact matches take precedence (vs files you looked at with similar name.) Also, it now shows the path in the workspace regardless of whether the filename is a duplicate. Both are nice usability improvements.
  2. The UI changed for the debugger. I like that you can see more variables in the debugger view without having to scroll or resize the window.
  3. There’s now a workspace option to “Sort library entries alphabetically in Package Explorer”. This makes it easier to find things than the default order (which is the classpath.)

What I didn’t like

  1. On Mac, the default font changed from Monaco to Menlo so keywords show in bold instead of just color. This was more of a “change is hard” thing. The first day, I didn’t like the new bolding. I wasn’t used to it so the keywords looked different. By the second day, I was used to it and it was just readable as the original. (I know I could have changed my workspace default back to Monaco if I continued to not like it).

Other interesting features

  1. Eclipse now supports Rust. I haven’t used it, but Rust is supposed to be an up and coming language.
  2. Eclipse supports Java 10 out of the box. Not that interesting because Java 10 came out in March. But good to know that Eclipse is staying current. I imagine there will be an Eclipse 4.8.1a in September or October for Java 11 support since Java 11 comes out in September. Eclipse did this for JUnit 5 so there is definitely precedent.
  3. JUnit 5 is included. This doesn’t excite me because I had been using 4.7.1a which also had JUnit 5 support. But if you are upgrading from the release a year ago, it is definitely exciting!