Skitch Is Great!
The Theory of Relativity: Is It Time to "Teach the Controversy" in America's High Schools?

Something You Have... and Something You Know...

Imminent death of the password. Film at 11.

John Gordon:

Gordon's Tech: RIP Password - Google's two factor authentication: Google is rolling out comprehensive mobile phone based two factor authentication to regular Google accounts ...

Official Google Blog: Advanced sign-in security for your Google account: ... If you like, you can always choose a 'Remember verification for this computer for 30 days' option, and you won't need to re-enter a code for another 30 days. You can also set up one-time application-specific passwords to sign in to your account from non-browser based applications that are designed to only ask for a password, and cannot prompt for the code....

Some notes from the help page....

Soon after you turn on 2-step verification, non-browser applications and devices that use your Google Account (such as Gmail on your phone or Outlook), will stop working. You'll then have to sign in using your username and a special password you generate for this application...

If you have an iPhone, iPod or iPad, we recommend you use the Google Authenticator application to generate verification codes...

Adding a backup number ensures you can receive a verification code to sign in even if your primary phone isn't available or working...

After you set up your phone to receive verification codes, you will be given 10 backup codes. These backup codes can each be used once each to substitute for a verification code...

If you've lost access to your phones, you can always sign in using one of your printed backup codes....

Soon it will be safe to use my Google services on untrusted (keystroke logger possible) machines -- like my office XP box. I'll configure my trusted machines to remember verification. My iPhone will run an RSA-token like authentication code generator. I will keep at least one backup code in my wallet - albeit in a permuted form. Of course I will wait several weeks before I switch over. I'm no fool. I'll let the brave and inexperienced take the arrows of early adoption. The traditional password isn't quite dead yet, but it has one (rotted) foot in the grave. Thanks Google. Special credit for making Google-authenticator open source and standards based ...

Comments