Hey, G+ users -- turn on 2-factor authentication for your Google accounts. Do it now.

Why?

Password-only authentication is Disco-era technology, little more sophisticated than the ancient Roman watchword. Underlying flaws in the architecture of the Internet combined with modern web technology make every web page and banner ad a potential spy, waiting to steal your password.

2-factor improves on this sorry state of affairs by requiring another piece of information to log in -- a one-time-use code that is sent to your mobile phone. So unless an attacker has both your password and your mobile phone it will be much harder for them to access your account. Yes, it's a little less convenient. But it's much more secure. And it sure beats having some stranger using your account to scam money from your friends.

Here ends the PSA. Do it and you'll thank me later.
41 comments
 
I started using this the second it came out and LOVE it. It is without question the single most important feature Gmail has, and sadly, it is painfully under-advertised by Google. I look forward to the day you guys make this the default on every account.

Hey +Richard DeVaul, you should start an internal campaign to get every Googler to share this post, or make their own.
 
I tried following directions to set this up once and I became confused, disoriented... and failed. Is anything simple?
 
Been using 2-step for quite a while now and absolutely love it. Especially love not having to give my account password to any third party apps that use Google (app specific passwords).
 
Yeah, I have mine to check my identity on all my synced devices regularly. It's not a burden, unless it happens in the middle of a good G+ rant. :D
 
I had my Gmail account hacked, and I started using it as soon as it was available. The downside has been that not all google products support two-factor authentication. Specifically, the Google Apps desktop bundle, and Google Calendar Sync.
 
I have been using 2-step verification for more than a year and it's really good.
 
I'd rather see PKC, that utilizes my phone. Until then, I reckon 2-factor is a good thing.
 
why do i get all this stupid by these asshole?
 
I always use two-step verification! It always used to feel weird to me that my World of Warcraft account was more secure than my email.
 
Tried 2-factor for a few months. It was a PITA. Similar issue to Windows Vista needing admin privileges to change the desktop background.
 
I did turn it on. But for someone who flashes ROMs on his phone as often as I do, it is a bit tedious setting everything up right from scratch with every new install. So, after 3 months of use, I turned it off. :S
 
Took a week to get used to it. All good now, and feel a lot more secure about all of my data.
 
+Nicholas Petroski +Ekuba Afonu And showering in the middle of a rain storm is also more convenient than going home and dealing with a shower curtain. Use what works for you, just remember to stay clean...

+Melanie Holzman good plan on the WOW account. Now if only more things allowed more secure Q/A's than stuff like a mother's maiden name. In the past 16 years or so, I've only seen one website that used security questions that weren't going to be easy for a stalker, attacker, or enemy to Googlize.
 
Why can't they make an exception when the same PC is knocking? And complicate things when the PC is another?
 
+Monique Jacobse how can they tell that PC isn't a laptop and that it's been stolen, or if it's not someone using your computer while you're in the rest room?
 
I tried using this, but after too many headaches trying to get it to work I removed it. Has it gotten better since the initial release?
 
I have been using it for quite a while and managed to get my iPhone receiving Gmail. Now to set up the address book on the iPhone (iPhone for 2 weeks now).
 
You picking up the tab for the extra text message feature I would need to add to my phone?
 
For those suggesting "mother's maiden name" security question schemes as an alternative, secondary passwords (as these security questions should properly be termed) are almost always less secure than primary passwords. First, they can be intercepted by the same key logging techniques. Second, they are often much easier to guess. When you answer security questions don't use simple literal answers, such as the name of your pet or your mother's actual maiden name. Make up another secure password that has nothing to do with the question.

Google's 2-factor system works because the one-time codes can't easily be predicted and are sent to your phone by SMS, which is relatively difficult to intercept. This scheme isn't perfect but it is much more secure than using a password alone.

Again, here is a link to the Google blog article that explains how Google's "2-step verification" works: http://googleblog.blogspot.com/2011/02/advanced-sign-in-security-for-your.html
 
I used to use it, but it drained the battery on my iPod touch really badly. Generating codes 24/7 tends to do that. Until I hear that that problem is fixed, I'll take the risk of no one guessing my password.
 
+Terry Poulin I meant a normal PC, not a laptop - why can't they simply let people decide for themselves?
 
I've been using Google's two factor authentication since early days. And as Google collects more of their products into their unified feature-set, more and more parts of Google accept two-factor log in. Keeps everything secure.
Only other company that comes close is Blizzard with its Battle.net authenticator. My credit card companies don't offer the same level of security as a game company. Does that seem right to you?
 
+Monique Jacobse For two factor auth, AFAIK they do. At the multiple-computer bit, sadly there is no real way to be sure it is the same PC again (or that it's specifically a normal desktop PC), only that it's the same browser cookie. And that will eventually become stale or get eaten.
 
Turned out to be Useless for me. I cannot access my Gmail anymore on my Phone .. Disabled it, back to the basics ..
 
+Mayur Bhatia I tried that but I'm not running it through any App .. .. Running it on my Windows Phone
 
Remember to set up application-specific passwords for devices that don't take 2-step authentication. So things that don't 2-step, the Android phone, Chromebook, etc., all get a password to remember so they can log in. That would fix +Lord Blade's Gmail on the Phone issue. Then browsers (Chrome and Firefox) on computers I control and trust also get an application-specific password to simplify using my Google account on those. You can kill those passwords and the device's access from your account settings if the device is lost or compromised.
 
When I set up a Google account on the phone, it asks for User name and password, the server it picks up is m.google.com and that is it. Anyways I'm not interested .. Doesn't matter to me.
 
Well, I like it and how easy and integrated it makes everything feel.
 
+Michael Rainey yeah, tell me about it. Games like that get more Security TLC than some entire financial institutions invest.