Sign in with
Sign up | Sign in

Googler Reminds Users to Turn on Two-Step Verification

By - Source: Mattcutts.com | B 23 comments

Protect yourself from hacks before it's too late.

If you've been keeping an eye on tech news over the last five days, you've no doubt heard all about Wired reporter Mat Honan and the hack that saw his MacBook, iPhone, and iPad wiped, his Google account deleted and his Twitter handle hijacked. Mat describes what happened and how the attackers pulled off their epic hack in a lengthy posting on Wired. However, he also admits that had he had Google's two-step authentication enabled, the whole thing could have been prevented.

Not too long after news of the hack hit the internet, Google's Matt Cutts published a post to his personal blog encouraging people to enable the security feature. "Two-factor authentication means 'something you know' (like a password) and 'something you have,' which can be an object like a phone," he explains.

The idea is that hackers would need to have both your password and your cell phone to access your account. If you don't have your phone on you, you can choose to send the code to a secondary number (which is selected when you enable two-step authentication). If that's also not an option, you can use one of the ten codes Google gives you when you first enable it. These are for those special circumstances when you're without your phone but need to authenticate your password.

Cutts explains that there are some common misconceptions about two-step authentication such as the idea that you have to enter in a pin code every time you want to sign in, that you need to have cell signal if you want to use it (not true if you download a special app), or that two-step doesn't work with POP or IMAP. You can check out his post here for answers to these questions.

It's important to remember that while Honan said two-step verification would have saved him from losing all of his important data and his Google account, he also lamented the fact that he had tied such vital services, his Gmail and iCloud accounts, together. Suffice to say, it's handy to have a one or two unimportant accounts for password recovery.

Do you have two-step authentication enabled? Let us know in the comments below!

Follow @JaneMcEntegart on Twitter.                     

 

Contact Us for News Tips, Corrections and Feedback

Discuss
Ask a Category Expert

Create a new thread in the News comments forum about this subject

Example: Notebook, Android, SSD hard drive

This thread is closed for comments
Top Comments
  • 10 Hide
    classzero , August 9, 2012 1:07 PM
    Come on in, the cloud is perfectly safe . . .
Other Comments
  • 10 Hide
    classzero , August 9, 2012 1:07 PM
    Come on in, the cloud is perfectly safe . . .
  • 1 Hide
    hardcore_gamer , August 9, 2012 1:08 PM
    What is googler ?
  • Display all 23 comments.
  • 0 Hide
    damianrobertjones , August 9, 2012 1:10 PM
    ...oh and while you're at it don't run as Administrator within Windows 7. Create two accounts, once called (For example) security. Add a nice password with underscore, this will be your admin account. Now create a new account called Family... configure the account changing things like the pop-up blocker to High within ie9 (Yeah, there's a reason why you get pop-ups) then change that account to a standard user.

    if you want to do something scary you will be prompted for the admin password from the Security account.

    This stuff should now be common knowledge but isn't. Spread the POSITIVE.
  • -6 Hide
    mrmaia , August 9, 2012 1:10 PM
    Ever since I had the unfortunate idea to link my cellphone to a Google account, I receive everyday ~4 SMS with advertising - mostly music shows, given my Youtube account is a music one. Google sucks.
  • 2 Hide
    lightsol , August 9, 2012 1:15 PM
    Have been using the 2 step verification since release, and i would say that its the best thing to come along security wise.
  • 1 Hide
    techguy911 , August 9, 2012 1:33 PM
    And what if you don't have a phone? then what? not everyone has a cell.
  • 2 Hide
    tupz , August 9, 2012 1:37 PM
    techguy911And what if you don't have a phone? then what? not everyone has a cell.


    Funny guy you are
  • 1 Hide
    techguy911 , August 9, 2012 1:38 PM
    What if your SMS is hacked it is not really secure and VERY easy to hack bad idea for security feature.
  • -2 Hide
    wiyosaya , August 9, 2012 2:10 PM
    So his account was hacked, and now Gaggle is blaming him. Well, maybe this is correct, maybe not.

    Should not Gaggle have "two step verification" turned on by default?

    All this "you're secure with us" crap is an enticement to lure the unsuspecting into the spider web.

    Besides, terabytes of storage are extremely inexpensive these days. IMHO, anyone with any brains should not trust their irreplaceable data to the cloud. Buy a few TB disks, RAID them - at least in a RAID 1 configuration on your home PC, and you are at least as safe if not safer by default than with irreplaceable data stored on a cloud server somewhere.

    I feel somewhat sorry for this guy, but this exposes another situation where a "tech geek expert" has shown his true mettle is lacking.
  • -2 Hide
    hallic7 , August 9, 2012 2:15 PM
    classzeroCome on in, the Icloud is perfectly safe . . .


    Fixed!!!!!

    /sarcasm
  • -2 Hide
    xanagu , August 9, 2012 2:42 PM

    Look, Google just saw crapple failures, and improved their own security. THIEVES!!!
    GIMME 1 MILLION DOLLARSS!!
  • 2 Hide
    eddieroolz , August 9, 2012 2:54 PM
    Not giving my phone number to Google. No way.
  • 1 Hide
    Anonymous , August 9, 2012 3:07 PM
    Google should learn from Blizzard Authenticator on smartphones. Give out phone number to google, hello no, you will receive ads. Google intends to make more money out of you.
  • 1 Hide
    Marcus52 , August 9, 2012 3:09 PM
    Google fanboys can thumb down negative comments all they want, it doesn't stop Google from being another security nightmare like Facebook.

    At least they have provided a two-step verification system for those who are conscious enough to use it, I have to give them credit there.

    ;) 
  • 3 Hide
    techcurious , August 9, 2012 3:17 PM
    To secure my account, why should I have to give Google my cell phone number and risk someday receiving SPAM from them or their affiliates by SMS? I never like to give out my contact information to companies!
  • 0 Hide
    DRosencraft , August 9, 2012 3:23 PM
    I think some people are misunderstanding how this thing works. You set up an account for whatever. Two-step authentication sets up so that if there is a weird circumstance during the login process (you mess up too many times, it takes too long to process, etc.) you get a message that asks you to choose a place to send a code (phone or e-mail address setup earlier). It's a one-time use code that can only be used for a short period (15-30 mins. I think). You have to put this code in to complete the login. If you don't, then you're not allowed to login. Wait too long and the code expires, you have to try again and get a new code. I have a credit card that does the same thing for longing in to your account. It's not the end-all of security, but most computer hackers aren't going to hack your phone in the brief usability time of a code sent there. To be honest, I only have a g-mail account that I use as a secondary e-mail account. There's not much in there.
  • 0 Hide
    ZakTheEvil , August 9, 2012 3:50 PM
    Marcus52Google fanboys can thumb down negative comments all they want, it doesn't stop Google from being another security nightmare like Facebook.At least they have provided a two-step verification system for those who are conscious enough to use it, I have to give them credit there.


    I'm confused... I though there were only Apple fanboys... now we have Google fanboys too? What about Yahoo fanboys? What do you use? Cans strung up with wire? Oh, wait... you're trolling....

    davidxwGoogle should learn from Blizzard Authenticator on smartphones. Give out phone number to google, hello no, you will receive ads. Google intends to make more money out of you.


    Paranoia much? Google had my # for years and I never received a single add on my cell.

    hardcore_gamerWhat is googler ?


    A person who googles maybe:) 
  • -1 Hide
    jarred125 , August 9, 2012 5:21 PM
    john_4Must be Google trolls here since they are thumbing you down, probably the same little trolls who love MS and their Crapbox 360.


    Wow, what an original name like "Crapbox 360". Do you intentionally try to loose all credibility when making up names like a 10 year old child? Do you also still spell it Micro$oft?

    I've had my number with Google for quite some time and NEVER receive spam messages. But hey, what can you expect from a guy who uses words like "crapbox 360" ... good one.
  • 0 Hide
    Anonymous , August 9, 2012 5:37 PM
    I absolutely use two step verification.
  • 1 Hide
    frank_drebin , August 9, 2012 6:08 PM
    techguy911And what if you don't have a phone? then what? not everyone has a cell.


    Wait, what?
Display more comments