Google Adds Two-Factor Authentication To Gmail 399
Trailrunner7 writes "Google has introduced a new two-step authentication feature for Gmail users that it says will significantly increase the security of the free mail service. The system enables users to set up a method for obtaining a secret code that will be required, along with a password, to access a Gmail account. The new two-factor authentication system is a voluntary program right now, although it could become mandatory at some point in the future. Gmail, like virtually all other webmail services, has been a frequent target of attacks, both sophisticated and mundane, aimed at hijacking users' accounts. The most famous of these was an attack that was part of the Aurora operation against Google and others, part of which targeted the Gmail accounts of Chinese dissidents."
Great...what if you're without your phone? (Score:4, Insightful)
If this becomes mandatory..then if you have the situation listed above and are at a friend's house or library you can't check your email?
Good idea, bad implementation (Score:4, Insightful)
While I have to applaud Google for trying to keep their users' accounts safe, I have to say that this idea is really untenable. Not everyone has a cellphone, not everyone with a phone carries it all of the time, and you might not always have reception. Just this last summer, I had a month-long internship in Nebraska. The town I stayed at had zero reception on Sprint's network and the nearest cell tower was over an hour away. So, for the entire month, I was without a phone. And last February, I was in Switzerland, where again, I had no cell service.
Furthermore, if my bank can authenticate me without requiring an SMS, then certainly my email provider can do the same.
Re:Good idea, bad implementation (Score:5, Insightful)
While I have to applaud Google for trying to keep their users' accounts safe, I have to say that this idea is really untenable. Not everyone has a cellphone, not everyone with a phone carries it all of the time, and you might not always have reception. Just this last summer, I had a month-long internship in Nebraska. The town I stayed at had zero reception on Sprint's network and the nearest cell tower was over an hour away. So, for the entire month, I was without a phone. And last February, I was in Switzerland, where again, I had no cell service.
Furthermore, if my bank can authenticate me without requiring an SMS, then certainly my email provider can do the same.
This isn't meant for the average joe. It's meant for people with sensitive e-mails. If you think a totalitarian government might be going after you because you're part of a human rights organization, then signing up for two-factor authentication is for you. If your e-mail is basically your friends sending you stupid chain e-mails, then it's not. After all, I do have my cell phone with me all the time, and I don't ever want the inconvenience of two-factor authentication precisely because I carry my cell phone with me all the time: I never go to the gmail web page, I use imap and check my mail with my phone's client (or rather, my phone's client tells me when I have mail).
Android phones already have support (Score:5, Insightful)
Install, "Google Authenticator" to allow for two-factor authentication with your Android device.
Re:Great...what if you're without your phone? (Score:4, Insightful)
Why would you not have your cellular phone with you?
Because I do not OWN a cell phone. They're a huge fucking ripoff and until they get to the point where it's a reasonable price with vendors that aren't asshole oligopolies I will not get one.
Re:Great...what if you're without your phone? (Score:3, Insightful)
Re:why no one time pad with index lookup (Score:4, Insightful)
2-Factor.
Now they can be SURE it's YOU , that they are tracking.
The flaw in GOOG and Yahoo and Hotmail? Social networking "features". They get the email address of every contact you have, and spam them from your address in spoofed headers. All without a login credential.
Re:Great...what if you're without your phone? (Score:5, Insightful)
Or, you know, I don't carry it -- which is what I do now.
Why is it so hard to understand that many of us simply do not carry our cell phones all of the time, nor do we want to? Are you guys so obsessed with your phone you never put it down and walk away and can't fathom that other people don't?
I sure as hell don't want a cell-phone to be an integral part of logging into my webmail.
Re:Great...what if you're without your phone? (Score:3, Insightful)
Authenticator (Score:4, Insightful)
What i really don't get is how my Wow account is more secure then my back account.
http://images.dailytech.com/nimage/8561_product.jpg [dailytech.com]