Google Adds Two-Factor Authentication To Gmail

Trailrunner7 writes "Google has introduced a new two-step authentication feature for Gmail users that it says will significantly increase the security of the free mail service. The system enables users to set up a method for obtaining a secret code that will be required, along with a password, to access a Gmail account. The new two-factor authentication system is a voluntary program right now, although it could become mandatory at some point in the future. Gmail, like virtually all other webmail services, has been a frequent target of attacks, both sophisticated and mundane, aimed at hijacking users' accounts. The most famous of these was an attack that was part of the Aurora operation against Google and others, part of which targeted the Gmail accounts of Chinese dissidents."

Great...what if you're without your phone?

[cayenne8]

So..what happens if your phone is out of power, or lost or you just plain don't carry the damned thing EVERYWHERE you go?

If this becomes mandatory..then if you have the situation listed above and are at a friend's house or library you can't check your email?

Good idea, bad implementation

[Lord Byron II]

While I have to applaud Google for trying to keep their users' accounts safe, I have to say that this idea is really untenable. Not everyone has a cellphone, not everyone with a phone carries it all of the time, and you might not always have reception. Just this last summer, I had a month-long internship in Nebraska. The town I stayed at had zero reception on Sprint's network and the nearest cell tower was over an hour away. So, for the entire month, I was without a phone. And last February, I was in Switzerland, where again, I had no cell service.

Furthermore, if my bank can authenticate me without requiring an SMS, then certainly my email provider can do the same.

Re:Good idea, bad implementation

[LateArthurDent]

While I have to applaud Google for trying to keep their users' accounts safe, I have to say that this idea is really untenable. Not everyone has a cellphone, not everyone with a phone carries it all of the time, and you might not always have reception. Just this last summer, I had a month-long internship in Nebraska. The town I stayed at had zero reception on Sprint's network and the nearest cell tower was over an hour away. So, for the entire month, I was without a phone. And last February, I was in Switzerland, where again, I had no cell service.

Furthermore, if my bank can authenticate me without requiring an SMS, then certainly my email provider can do the same.

This isn't meant for the average joe. It's meant for people with sensitive e-mails. If you think a totalitarian government might be going after you because you're part of a human rights organization, then signing up for two-factor authentication is for you. If your e-mail is basically your friends sending you stupid chain e-mails, then it's not. After all, I do have my cell phone with me all the time, and I don't ever want the inconvenience of two-factor authentication precisely because I carry my cell phone with me all the time: I never go to the gmail web page, I use imap and check my mail with my phone's client (or rather, my phone's client tells me when I have mail).

Android phones already have support

[GooberToo]

Install, "Google Authenticator" to allow for two-factor authentication with your Android device.

Re:Great...what if you're without your phone?

[Beardo the Bearded]

Why would you not have your cellular phone with you?

Because I do not OWN a cell phone. They're a huge fucking ripoff and until they get to the point where it's a reasonable price with vendors that aren't asshole oligopolies I will not get one.

Re:Great...what if you're without your phone?

[seifried]

You know just because you carry a cell phone doesn't mean you have to answer it (or even leave it on). You can also send the call to voice mail, or if you don't have voice mail just ignore it/mute it.

Re:why no one time pad with index lookup

[Jeremiah Cornelius]

2-Factor.

Now they can be SURE it's YOU , that they are tracking.

The flaw in GOOG and Yahoo and Hotmail? Social networking "features". They get the email address of every contact you have, and spam them from your address in spoofed headers. All without a login credential.

Re:Great...what if you're without your phone?

[gstoddart]

Or, you know, I don't carry it -- which is what I do now.

Why is it so hard to understand that many of us simply do not carry our cell phones all of the time, nor do we want to? Are you guys so obsessed with your phone you never put it down and walk away and can't fathom that other people don't?

I sure as hell don't want a cell-phone to be an integral part of logging into my webmail.

Re:Great...what if you're without your phone?

[__aaxtnf2500]

Hey there are plenty of Machine looms still in use all over the country. I think you can find one to go smash rather than attempt to convince the people on a technology forum that the ability to wirelessly communicate outside of your home is for fancypants techno-fiends intent on throwing their money away to "the man."

Authenticator

[toastar]

Yeah,

What i really don't get is how my Wow account is more secure then my back account.
http://images.dailytech.com/nimage/8561_product.jpg [dailytech.com]