two factor and google voice

Posted on by
Reply

I’ve been using two factor authentication for a number of years.  I like when services offer a choice of two factor options. Or the common Google Authenticator app. Less of a fan of SMS required two factor. If I lose my phone or number, I can’t two factor authenticate to a few services. The most recent being Venmo. Ironically, Venmo wouldn’t let me change.

One of my friends has used Google Voice for phone for years. I decided to switch to a Google Voice number. This gives me a few advantages:

  • phone rings on multiple devices
  • texts get turned into email which means I can view them on multiple devices (nice for two factor)
  • I’m decoupled from my cell phone number for two factor

Today I’m switching over a bunch of services to use a different phone number for two factor. This table shows the services I can think of where I use two factor.

Interestingly, having possession of the original phone number was not necessary for any of the services. So I could have done this even if I had lost my phone. I had enough other options set up for two factor. Also ironically, I couldn’t switch Venmo which motivated all this. I can close the account though so if this ever becomes a problem…

Service Two Factor Options How Switching Went
Google

(original blog post)

 Authenticator, SMS, phone, codes, key, Google prompt Google knew my number in my profile, but I still had to verify to set in profile. And again when wetting as my two factor option. Emailed that changed number.
Amazon

(original blog post)

 Authenticator, phone, SMS Under my account added a mobile number. Confirmed with SMS text verification.
Twitter

(original blog post)

 Authenticator, SMS, security key, backup code Went to mobile and clicked edit to change number. I didn’t enable SMS, but now it has the right number in case I need it as a one off. Confirmed with SMS text verification.
Facebook Authenticator, SMS, codes, key Went to security and use two factor. Added Google voice and backup. Emailed that added number.

(Only allowed SMS last I looked. Good improvement).
Venmo Just SMS Won’t accept my Google voice number and gave an error that it needs a mobile number. 
GitHub (original blog post) Choice of authenticator, SMS, security keys, recovery tokens (other site), and recovery codes (strings) Clear existing number. Set new Google voice number. Enter code texted to new number. GitHub also emailed me that I added and removed a SMS number.
PayPal

(original blog post)

 SMS, phone Confirming my landline number, it had me type a code when they called instead of supplying a code read to me. This seems more secure. Good! The new number was added as unconfirmed. I clicked confirm to get a text to confirm it.
LinkedIn

(original blog post)

 SMS I couldn’t find the two factor page without a direct link. I scrolled up and added a phone number. After confirming the verification code, it automatically made the new phone number primary. I couldn’t delete the original since it is used for two factor. So I went to the two factor section and changed the number. it sent me a code again. Then I finally went back and deleted the original number. And for every one of those operations, I had to enter my linked in password. This felt excessive.
DropBox

(original blog post)

 Authenticator, SMS, codes, physical device Went to settings and changed my number. I had to enter my authenticator code but not verify possession of the phone number. Emailed that changed two factor settings.
Yahoo

(original blog post)

 Email, phone, text Went to account to try to change number. Got an error that it can’t accept a VOIP number. I was able to change it my land line. I use Yahoo almost never so it doesn’t matter whether this is convenient. Emailed that removed and added number.
Slack Authenticator Added my phone number. No verification required.
Apple

(original blog post)

 Various Added a trusted phone number and confirmed code. Verified with my computer as well as the code. Removed original number. Emailed that number changed

creating my first video

Posted on by
1

When I was at Oracle Code New York in March, Bob Rhubart asked me if I’d be up for creating a “two minute tech tip”. It’s a two minute video that you record yourself presenting a tip tip. I said I’d think about it. I didn’t do anything with it.

I wasn’t worried about content. I’m a Toastmaster. We do 1-2 minute talks frequently for practice. They are called Table Topics. With the two minute tech tip, I’d get to pick the topic so in that respect it is easier.

So what prevented me from actually creating the video? There were three things:

  1. I’ve never liked watching myself on video. And I’m better when I can at least pretend I don’t know I’m being recorded. Looking at the camera doesn’t help with that.
  2. I’d never created a video using my computer and didn’t know how.
  3. I live in a studio apartment in New York City. As you might imagine, these apartments aren’t known for having lots of space. Which means I frequently need to move things. I figured creating a video would be a lot of moving things around.

Now that I’m speaking at Oracle Code One, Bob asked again. This time about a video interview and/or a two minute tech tip. Since Oracle listed me as a featured speaker, me being too lazy to deal with problem 2 and 3 feels like a weak argument! And problem #1 is just something I have to live with. I haven’t let it prevent me from having conference sessions recorded so this is no different.

Creating a video

Creating a video (at least on Mac), turned out to be really easy. QuickTime Player has a “new movie recording” option. It really was as easy as sliding the webcam cover over so I don’t have a solid black image and pressing record. That was a silly thing to have as an impediment. It was a non-issue.

Getting ready

I also overestimated the complexity of getting ready in my mind. When I do a Skype video call with a friend or even my teammates, I just turn on the camera and go. That’s not what I want on youtube though. Luckily, it wasn’t that different. What I did:

  1. Move my five foot tall oscillating fan so it isn’t in the background. I don’t think it is terrible to have this in the background, but it wasn’t a big deal to move. (I also had to move two things in front of it to get to it.
  2. Move a couple of things on my eating area table so they aren’t in the frame. The napkin holder created glare, so this actually was necessary.
  3. Angle the laptop two inches to get the wall of the eating area table out of the frame. This made the background solid instead of a light switch and (two different colors.)
  4. Move my chair two inches so my head/body is covering the lamp behind me.
  5. Adjust lighting – during the day, having the lamp behind me off and the table lamp on was just perfect.
  6. Clear off table so don’t see papers on it (this allows my head to be in the middle of the camera angle)

more on backward compability – this time with lang

Posted on by
Reply

I blogged an answer to Mark’s question about var in Java 10. He wrote back the following. I thought it was great and asked if I could use it as a guest blog post. He said yes.

So compliments of our guest blogger: Mark Yagnatinsky.

Thanks! You inspired me to try compiling my own little test program that I’d wondered about for a while:

It turns out that if you try to do this:

class java {
    class lang {
    }
}

Java won’t let you (it notices that there’s already a package with that name).
But first of all, this protection extends only to java.lang, and not, say, java.util.
And second of all, we can distract it by putting our code in a package:

package Scratches;
class java{
    interface lang{
        class String{}
        static void main( HELP[] args ) {
        }
    }
}

As far as I can tell, there is nothing we can type instead of HELP to make the above main method runnable on the command line.
In this case though, we’re only doing “local” damage: the rest of the code in our package (outside of “interface lang”) can still use Strings.

The way this is usually described is that there is an implicit “import java.lang.*” at the start of every file.
It turns out that java.lang is more special than this description implies.

If we try the same trick with java.util, we can knock access to the entire package (but not subpackages):

package Scratches;
// the line below has no effect whether you comment it out or not.
//import java.util.Hashtable;
class java {
    interface lang {
        class String{}
        static void main( String... args ) {
            // can't fix signature to run this method.
        }
    }
    interface util {
        class Hashtable{}
    }
}
class Main {
    public static void main( java.lang.String... args ) {
        // this method does not get called if you run from the command line
    }
    public static void main( String... args ) {
        // this method runs from the command line just fine
        new java.util.Hashtable(); // this is our hash table, not Java's
        // the line below won't compile (no such name)
        //new java.util.HashMap();
        new java.util.concurrent.ConcurrentHashMap(); // but this is fine
    }
}

It’s kind of amazing how much insanity the capitalized class name convention protects us from.
(Though to be fair, Java.Util is also a fairly unlikely class name…)