Shared publicly  - 
183
57
David Rea's profile photoSean Lingham's profile photoJonas Hagmar's profile photostefan jeffers's profile photo
35 comments
 
ok, so i'm a newb, what is exactly different?
 
This will make flashing ROMs a lot easier.
 
This is the only way to go if you use Google products.  
 
So wait... I might actually be able to figure out how to use my services with two-step authentication? Wow...
 
Can someone explain this to me? Does authenticator just give you a code that enables access from a new device?
 
Does this fix the problem for when you flash a rom?
 
Everything I do now that has this option I will use. After my laptop was stolen I soon had my accounts tampered with and purchases made on my Paypal account. Someone would need to have my phone at this point for access and it's nice to know when someone tries to log into one of my accounts. I highly recommend this option for security. 
 
Just don't ever ever lose or break your phone. Happened to me. Almost got locked out of my account.
 
+BJ Cardon pretty much, you can use the App or you can get texts to your phone, the app is much nicer.  I use both app as my main, and phone texts as a back up
 
And how do I turn off texts? I mean just to receive code via app? Thanks
 
I'd use this but Google seems to think that we don't have cellular service in Botswana. At least, there's no option for entering a Botswana cell number when trying to set up 2-factor authentication. This is especially irritating as all the neighbouring countries are listed. I guess Google is OK with my account getting hacked :-(
 
Ah... I kind of wish it was more like Steam Guard.
 
+Jean Danh That is a really bad idea, if anyone got the TB file they would be able to bypass your security easily, and I'm not sure what you could do to stop them.

+BJ Cardon in what way is it not like steam guard?
 
+Azzedine Bouleghlimat I'm just assuming this so correct me if I'm wrong...

Steam passes you a code and approves your "device" for access permanently. I think they base on a cookie or something, it is definitely browser based, but I like the concept. Now I can log in to Steam with my user and password without a code from that device.

G2a requires a code every time you log in to your account. There is no device approval, there is no logging in with your regular user and password. You always need a G2a code.

Right?
 
+BJ Cardon you can also do that in Google. When you put the code in you can tick a box to permanently trust the computer which lays a cookie so you don't have to authenticate every time. But you don't have to, so if you are at a library you can't accidentally leave a PC authenticated. Also, if you ever lose a device you can revoke access via your account settings.
 
I just want to know if Asus and Android will give the OG Transformer TF101 the Jelly Bean update! And when?
 
Google makes turning on two-step authentication even easier  , in only one step
 
I got a new iPhone because old one wouldn't charge and was locked out of all my accounts :( took long time to get back in because I changed my phone number in the end I persuaded my network to give me my old phone number back because google wouldn't help even though I could provide username and current password and linked email address no help because access code was sent to old mobile number
 
+Stephen Ingledew 

1. Should've had a back up number.
2. Should've printed the google codes which is located right below the back up number settings. there are 10 codes that google already provide in case a) lost access to the net, b) got your phone locked out and c) just plain don't have any way to generate a new code.
 
I use quality passwords, I don't reuse them on different sites, I am very restrictive about where I type them (never on a borrowed or public or Microsoft machine), I have encrypted backups of the passwords. Why would I want to add a physical token (target) to the mix?
 
+Kent Borg in case someone, through some means, somehow manages to get their hands on a password of yours that matters. Remember when that Certificate Authority leaked a private cert for Google? That coupled with a DNS attack (which is depressingly easy to do) could serve you a clone of any Google service, complete with valid HTTPS certificates and everything, which you and anybody else would happily type their password into. Got a physical token and 2-factor auth? Then awesome, you win that round.

Sure the window between learning of a rogue CA cert and having it removed from browsers is small, but do you want to risk it?
 
Man a lot of you are clueless about how it works. Did you even read the all the details during activation? This app gives you a secure code to log in to your account AFTER you entered your main password. If you don't have your phone, you can enter a backup code (which you should have written down during the activation process). If still you did not do that you can have Google call a second phone (or if you're flashing ROMs, the same phone) for a voice prompt or send a text with a code.
Add a comment...