Google's 2 step verification

Yes, it still does, as you can deactivate those passwords very easily.

Like my Android phone and tablet, Thunderbird all use different passwords and you can remove them.

The only time you use the main password is in a browser.
 
A malicious program that could do what exactly? You can just revoke the password from your application list easily.
 
I'm using it, it's very reassuring. I checked email at the girlfriend's last week, and it asked me for a security code, which came through faster to my phone than the page loading. It's nice to know no one else is accessing my email (which is horrible, as I had my gmail account hacked a few years ago!)
 
2 step is a pain in the rump, I tried it for a month but it's too damn infuriating

How?

If you have a compatible smartphone then you install the app which gives you an immediate code to enter into your application's password box when logging in via your browser, you tick the box that validates that computer for 30 days....job done.

If you use 3rd party apps to access your account (GMail Backup, Thunderbird/Outlook etc) then you assign application specific passwords which only expire when you revoke them.

I can't see it being any more simple really and using the above there's no faffing with waiting for an SMS to arrive or whatever.

I used to not use it because I thought it would be a hassle, especially as I switch ROMs on my Android phone a lot, but it's so easy it's unbelievable. You don't even need to set up an application specific password for the Android signin service itself, just normal password and use browser login which then auto adds a full access privilege to your account once you've used one of the printable codes which you will have already kept somewhere safe when activating 2Step.
 
I use the two-step with the sms message and find it really fast.. I imagine this is the way to go with internet security..

Activated it after Gmail warned me someone from Korea had tried to access my email
 
I use it but would prefer an internet banking style system whereby you get asked for random digits of a code. I don't always have my phone with me and it's a pain when logging in and I have forgotten my phone, etc. I haven't turned it off, but I seem to use the Gmail web version less due to the hassle of having to find my phone each time. A random digit entry such as internet banking would be much better in my opinion.
 
But the system is still (and will always be) flawed if you give an application password to a malicious program as you can't choose what that password has access to.

You can actually use the application specific passwords to login via the browser and it just lets you in...(well it did when I tried it a while ago)...so giving one of these passwords to the wrong application will open yourself up to attacks.
 

Why would you give the wrong password to another app? The name Application Specific should give that away anyway and if you assign an application specific password (only you can do this) to a malicious app then it’s your own fault surely.
 

In addition, if a malicious application does get the application specific password - you can remove that password. Your main password remains a secret so you haven't lost that as well. It is a better system than just having one password for everything.

EDIT: Also, the generated passwords are far more secure than most users' normal password.
 

Malicious is the wrong word here. I'll give a specific example I am facing/what made me think about this.

Currently I wish to have a Google Talk application on my iPhone. There is no app directly from Google so I have to use a third party app. Now the application developers themselves may not use the information, but they still have to store my login details unencrypted in a database so they can login via their service. That means that if they get hacked, or an employee wishes to, they could find my login details and sell them on.

EDIT: I do agree it's a better system than having just one password...I was just saying, it would be nice to be able to choose what the application has access to.
 
If the devs are indeed storing passwords unencrypted then the app would not be allowed on Apple's iPhone Market - Or is that incorrect?

Also, you can't re-use an already assigned application password with another application, can you? If you assign a pass to Talk for iPhone then try to use the same application password for another iPhone App that logs in via your Google account, that won't work?
 