When you bump into people at a funeral discussing e-mail security problems, you know it’s a mainstream issue. A woman we were chatting with just spent the better part of two weeks restoring access to her MSN account after she received a variation of the “Mugged in London” scam. The result was someone hijacked her account and she had to work through MSN to restore access.
Just like Facebook’s support for SSL, using two factor security for Google is something everyone needs to implement.
The process is detailed on The Official Google Blog – Advanced sign-in security for your Google account.
The process is called 2-step verification – this allows you to link your account to your mobile phone, a Mobile application (Google Authenticator on the Android), and printable backup codes that you can keep in your wallet. In addition, you can have application-specific passwords to supposed access on your smartphone.
If you’re running Google Apps on your smartphone, I recommend doing this all at once – it will eliminate password prompts and confusion later.
The process also provides a summary of Connected Sites, Apps, and Services that have access to your Google Account. In my case, this includes paulbegley.com access to Blogger, pulsememe.com (Google Reader), google.com (Google Calendar), and tweetdeck (Google Buzz). I had forgotten about setting up Pulse access to my RSS feeds on Google Reader, but it was a good reminder.
You can revoke or renew access at any time using the 2-step verification process.
UPDATE: Note that once you enable advanced sign-in security, you may need to generate a new password for third party applications. I ran into this with Feeddemon, but it was a simple fix:
I recommend you keep your Windows OS patched and be sure to update all the…
With more people streaming and general Internet use increasing, I get questions about measuring home…
Friends and family have asked about antivirus and security recommendations. This is a quick summary…
I avoid frequent changes to my home network. My stated goal is to design and…
Attempting to update PiHole from the command line, I received the error below: [i] Downloading…
Maureen A. Begley (nee Burchill), age 91, of Chillicothe, Ohio, formerly Moorestown and Mount Laurel,…
View Comments
This is something that I have been looking forward to for quite some time. This would be even better if more websites supported third-party login via OpenID. Not only does it mean I have to remember (i.e. reuse) passwords less, but it also affords all those smaller websites two-factor authentication with none of the hassle.
After using it for a few weeks, I am still not sure how Google decides to revoke a "saved" authenticator key. It seems fairly persistent with changing IP addresses, but I have also been (seemingly) randomly asked to re-authenticate.