Security

[andrewducker]

I just turned on two-factor authentication for my main google identity (andrew@ducker.org.uk)

Which means I now have an app on my phone that generates a key, and every time I access Google from a new device I have to enter the current key (it changes over time).

In addition, it enforces a different, generated, password for each non-web application that accesses it. And setting these up has made it obvious quite how much I use Google.

There's IMAP on my desktop, laptop and phone. SMTP likewise. Address book sync to Thunderbird on laptop and desktop, and Google Sync on the phone (for calendar, address, etc.)

What's nice is that I can now revoke any of these. So if my laptop went missing I can lock it out of my email instantly. And likewise with my phone. Which gives me a nice feeling of security.

Comments

[cheekbones3]

Hmm, still only most searches and my fourth-choice e-mail account. They've not persuaded me yet!

[strawberryfrog.livejournal.com]

I took a look at Google's TFA, and found it annoying enough to abandon half-way through setup. I entered my mobile phone number, fine. I copied a list of numbers .. uh, ok. It asked me for a second phone number. I really don't care about the land-line at home so I tried to skip this. It aborted.

[octopoid-horror.livejournal.com]

What if you lose your laptop and phone at the same time?

[andrewducker]

I'd need to lose my laptop, phone and desktop all at the same time.

In which case I have a series of ten numbers printed out that Google insisted I print as part of the signup process, that can be used to get me back in.

Failing all of that, I'd have to wait until I got a new phone of some kind on the same number, and they'll send me an SMS there.

So I _could_, theoretically, end up entirely locked out - but I'd have to really work at it.