enabling more two factor – paypal, dropbox, linked in and yahoo

I’ve had two factor for gmail enabled for two years.  This morning, I set up two factor for github.  Due to Heartbleed (check if sites you use are affected), I checked who else permits two factor to revisit what I should turn on.  Twitter has it’s own post because it didn’t go smoothly like the others did.

I had originally decided not to turn on two factor for sites that don’t provide an app as I prefer not to get texts.  However, I notice they only text you when you log in from a new device.  And I get enough junk texts by now that this is a rounding error.


I have a paypal account but hardly use it.  It was so secure that I didn’t even know my main password.

  1. Go to this page.
  2. Choose the option to use a mobile number (vs a $30 device)
  3. Enter your phone number
  4. Enter the code sent via a text to prove you control that phone number.  Do so quickly.  The code expires in 5 minutes.


Dropbox was similar to github.  It uses Google Authenticator plus a backup phone code and backup text string.  The only annoyance was that I had trouble scanning the QR code.  I had to drag the browser to my second screen (which is larger so has better resolution.)

Dropbox didn’t make me re-connect my existing sessions.  I left them alone because I don’t want to sync all that data again.  Presumably two factor will protect me against anyone else using my login.

Linked in

  1. Go to the security page,
  2. Click Turn on for two factor
  3. Enter your phone number
  4. Enter the code sent via a text to prove you control that phone number

Yahoo mail

I hadn’t secured yahoo because I use it as my “backup” email provider.  Why not though.

  1. Go to this page.
  2. Enter your phone numbe
  3. Enter the “six digit” code sent via a text to prove you control that phone number.  (My “six digit” code was five digits.  I guess they are counting invisible leading zeros)

find friends in social networking without a password

I’ve always been concerned about the whole “give us your e-mail password and we will tell you which of your friends are registered on our service” thing on social networking sites.  To the point that I refuse to give out the password.  If I give out my password, the sites can do whatever they want with it.  Surely there is a better way!

While I’ve been reading about open standards for such things, today was the first day I actually saw it in practice.  I registered for GoodReads this week.  When clicking on find friends, you see the usual – click yahoo/hotmail/gmail/AOL/facebook/twitter/plaxo.  When clicking you have the option to type your password.  For some, you have an alternate choice.  Marked as “new”.  This alternate choice actually looks secure.

Summary of providers

Provider Allows providing password to glean contacts Comments on Non-password access to glean contacts
Yahoo Yes Worked well – similar to google as described below
Hotmail Yes Allows, but don’t have a hotmail account so untried
Gmail Yes Worked great; see below
AOL Yes No access
Facebook No Allows, but didn’t try.  I have to allow GoodReads access to write on my wall not just see contacts and didn’t want to go through the remove process at Facebook.
Twitter Yes Have to temporarily allow more access, but easy to revoke after from twitter’s connections page.
Plaxo No Not sure.  Plaxo wasn’t clear enough about what information they would be getting so I didn’t say ok.

Walking through gmail

  1. Click “Or: sign in directly on Gmail. (new)”
  2. Takes to page at a GOOGLE URL saying “The site www.goodreads.com is requesting access to your Google Account for the product(s) listed below.  Google Contacts
  3. Choose “grant access”
  4. [do stuff on GoodReads]
  5. Optional which I did because I only want to grant one time access – remove GoodReads from accessing my contacts list:
    1. Go to Google Accounts
    2. Click “change authorized websites”
    3. Click “revoke access”

The good

I am giving google my password.  Google already has my gmail password and is just checking it is correct.  I’m not passing it through GoodReads.  Google is also telling me specifically what information they are letting GoodReads see.

The bad

Just because I e-mailed someone once and they are in my Google contact list doesn’t mean I know them.  I also have to trust GoodReads won’t spam all my contacts.  Both of these problems exist with the old “give me your password” method.  I’m willing to accept both of these on a reputable site and not willing to provide a password.  So great progress.

benefits of twitter lists

I really like twitter lists.  JobMob blogged about how to use them.  I agree with what they said, but have a different personal use for them.  Here’s my take on twitter lists.

I use twitter in several different ways.  Lists help me deal with those ways.

Current tweets

This is the traditional see things as it happens model that twitter was founded on.  I don’t read everything this way, but it is good for seeing a small number of the most recent tweets.

Before lists: I used TwitterFox now EchoFon to see tweets that come when I happen to be online.

After lists: Same.

Reading a lot of tweets

I get home after work and am curious what kinds of things have been tweeted that day.  This is where lists shine.  Even if you were reading the same number of tweets, it is faster to read them in logical groups rather than time.  And lists let you skip ones you don’t feel like reading.

Before lists: Follow less people so they wouldn’t clog up my tweet stream.  Use an RSS feed for some topics so they wouldn’t clog up my tweet stream but I could still read them.

After lists:

One time setup

  • Follow the people I was following by RSS so now I’m following everyone I want to
  • Add *all* my contacts to one list.  Some public lists and some private lists
  • Open all my lists in Firefox tabs and bookmark the set

To read

  • Open all tabs in Firefox.
  • Look at the ones I am interested in.  (for example, read jokes tab when I need a pick me up)

Reading tweets on a topic

Before lists: Scan tweet stream, search

After lists: Open the list pertaining to the topic.  Easy!

Public vs Private Lists

Public lists are good for things like

  • listing the JavaRanch moderators
  • jokes
  • topics of interest.

Private lists are good for things like:

  • hobbies you prefer to keep quiet
  • more sensitive topics (like the society of secret _____)
  • less than complementary lists (I have a “people-who-post-way-too-much” list for people who I am interested in periodically, but don’t want to read all their stuff)
  • “other” – a kitchen sink list until there are more people in that category – it doesn’t really make sense to others


Lists may not have been out long, but I rely on them already.  Combined with tab bookmarking, they are very powerful.  I imagine this twitter clients will catch up soon.

Follow me on twitter @jeanneboyarsky