FAQ (Frequently Asked Questions)

Do I really need to bother with Google's 2-Step Verification system? I don't need more hassle and my passwords are pretty good.
(Updated: March 28, 2016)

Hassle? You think that setting up 2-step (aka "2-factor") authentication is a hassle? You don't know the meaning of the word "hassle" until some joker on the other side of the planet rips off your account because your pretty good passwords actually were just this side of Bozo the Clown by today's standards. Google does its best to limit what it views as suspicious logins from unfamiliar places (and notifies you of logins on new devices), but to rely on passwords alone is still taking a big risk. Really, even if you never share your passwords between different companies' services (sharing them that way is a terrible practice), and your passwords seem better than the one here: https://www.youtube.com/watch?v=a6iW-8xPw3k -- passwords are still dead man walking.

Yeah, they're history, toast, so stone age that Fred Flintstone would know better than to rely on them alone now when additional options are available.

You simply cannot trust passwords alone today, because so many technological changes have rendered them increasingly vulnerable. Whenever you're offered the ability to use 2-factor systems on your accounts anywhere, even though some of the implementations are relatively crude and substandard, they'll virtually always be better than just relying on passwords, no matter how long, convoluted, and probably difficult to remember you make your "pretty good" passwords. I used to offer guidelines on picking relatively good passwords that would be relatively easy to remember -- there are a variety of techniques.

But even the best of passwords is enhanced enormously by properly implemented 2-factor systems.

And frankly, Google's 2-factor deployment is pretty much the best I've seen anywhere, with the most flexibility. Once you've logged in with 2-factor on Google, you can choose to "remember" that status for the current computer or other device, and you usually need to provide the 2-factor information again only for new logins on new machines. You can receive the 2-factor codes by text messages, voice phone calls, or use an authenticator app that doesn't even need telephone or Internet access -- and printable backup codes can be carried with you as well. You can also choose physical USB security keys that are even more secure. The Google 2-factor system will also work with most apps that need to log in (e.g. Thunderbird for email), using "App Passwords" as explained here:

https://support.google.com/accounts/answer/185833

The point is, there are so many ways to secure your Google account with 2-step/2-factor authentication, that there's no valid excuse for not doing so. You seriously don't want to fall afoul of a sophisticated phishing attack, and end up lying in the dark at 4 AM wondering why you hadn't set up 2-factor to prevent this in the first place.

Convinced now? I hope so. Please, check with your various services and see if they have 2-step/2-factor authentication, and use it if available. The details on setting this up for your Google account -- along with lots of other related information -- are here: https://www.google.com/landing/2step/

Just do it. Don't be sorry later.

Be seeing you.

-- Lauren --
I have consulted to Google, but I am not currently doing so -- my opinions expressed here are mine alone.