Googler Reminds Users to Turn on Two-Step Verification

If you've been keeping an eye on tech news over the last five days, you've no doubt heard all about Wired reporter Mat Honan and the hack that saw his MacBook, iPhone, and iPad wiped, his Google account deleted and his Twitter handle hijacked. Mat describes what happened and how the attackers pulled off their epic hack in a lengthy posting on Wired. However, he also admits that had he had Google's two-step authentication enabled, the whole thing could have been prevented.

Not too long after news of the hack hit the internet, Google's Matt Cutts published a post to his personal blog encouraging people to enable the security feature. "Two-factor authentication means 'something you know' (like a password) and 'something you have,' which can be an object like a phone," he explains.

The idea is that hackers would need to have both your password and your cell phone to access your account. If you don't have your phone on you, you can choose to send the code to a secondary number (which is selected when you enable two-step authentication). If that's also not an option, you can use one of the ten codes Google gives you when you first enable it. These are for those special circumstances when you're without your phone but need to authenticate your password.

Cutts explains that there are some common misconceptions about two-step authentication such as the idea that you have to enter in a pin code every time you want to sign in, that you need to have cell signal if you want to use it (not true if you download a special app), or that two-step doesn't work with POP or IMAP. You can check out his post here for answers to these questions.

It's important to remember that while Honan said two-step verification would have saved him from losing all of his important data and his Google account, he also lamented the fact that he had tied such vital services, his Gmail and iCloud accounts, together. Suffice to say, it's handy to have a one or two unimportant accounts for password recovery.

Do you have two-step authentication enabled? Let us know in the comments below!

Follow @JaneMcEntegart on Twitter.                     

 

Contact Us for News Tips, Corrections and Feedback

Create a new thread in the US News comments forum about this subject
This thread is closed for comments
23 comments
    Your comment
    Top Comments
  • Come on in, the cloud is perfectly safe . . .
    10
  • Other Comments
  • Come on in, the cloud is perfectly safe . . .
    10
  • What is googler ?
    1
  • ...oh and while you're at it don't run as Administrator within Windows 7. Create two accounts, once called (For example) security. Add a nice password with underscore, this will be your admin account. Now create a new account called Family... configure the account changing things like the pop-up blocker to High within ie9 (Yeah, there's a reason why you get pop-ups) then change that account to a standard user.

    if you want to do something scary you will be prompted for the admin password from the Security account.

    This stuff should now be common knowledge but isn't. Spread the POSITIVE.
    0