Tool of the Week: Google 2-step verification

The things someone could do with access to your e-mail is a bit scary. Not only do have access to any linked bank accounts and other personal information, but also your friend's and families' contact info, where they can start phishing and trolling from a trusted source.  Your e-mail is used to recover lost or stolen passwords to all sorts of sites, and so if someone has your email, they can basically get into any site with that address linked for recovery.

Google's 2-step verification has been around for a little while, but I wasn't convinced to go through the hassle of setting it up until I read this guy's story, where through a simple security flaw in amazon, and then another simple security flaw through apple, hackers were able to erase his hard drive (including pictures, work documents, and all sorts of valuable personal stuff), steal his account information for social sites like twitter, and potentially have access to his financial information.

I was hesitant about 2-step verification for a few reasons.  After looking into it, i realized all my qualms were already handled.

  1. I don't want to have to look at it every time I want to log into my computer.
    1. I learned that once you set up a computer or device, you can choose to only have to enter a new verification once a month
  2. I didn't want extra steps when checking email on my phone
    1. Turns out, you can set up devices like your smartphone with secure passwords that google generates, so you don't need to verify it at all.
  3. What happens when I don't have cell service (I get horrible reception in my office).
    1. Google has an app for many models of smartphone that will generate passwords that expire every minute.  You can use this app when you don't have service, or when you're abroad and can't get texts.
  4. What if I don't have my phone, or its battery is dead?
    1. You can print out a list of one-time-use verification codes to keep in your wallet when you can't use your phone.  If you use them all, you can print out a new list.
  5. What happens if someone steals my phone, or wallet with the verification codes?
    1. Either way, you're better off with more security layers than less. The codes have no identification for who they're for, or even what they're for.  The theif will still need your e-mail address and password, in addition to the verification codes, to login to your e-mail.   If someone steals your phone, you have the option of logging in on a computer and resetting all your devices so nobody can log in without a new set of codes!
It took me about 10 minutes to set up 2-step verification on all my devices, while I was drinking my coffee this morning.  It took me an extra 10 second step to log into a public computer on campus today, but I supposed the added security and peace of mind is worth my time.  It seems I'm sold on using 2-step verification, and it sounds like many security experts also recommend it.