Security Blog

The latest news and insights from Google on security and safety on the Internet

2-step verification: stay safe around the world in 40 languages

July 28, 2011
Share on Twitter Share on Facebook
Google

8 comments :

Joshbw said...

any chance an app for Windows Phone is on the way?

July 28, 2011 at 1:41 PM
Steve said...

2-factor authentication is great, but I already have a YubiKey on my keychain. I think it would be great if Google supported YubiKey. Thanks!

July 28, 2011 at 1:42 PM
Anonymous said...

I follow a couple of Google Blogs, which are very useful in keeping updated.

It pains me that all Blogs do not have a consistency in terms of being able to subscribe by email.

Some do allow email subscription, most do not.

What a pity since email allows me to choose only the blogs I REALLY read as opposed to "READ when FREE" type blogs on my Google Reader.

So, Please enable email subscription for all Google Blogs.

July 31, 2011 at 5:37 PM
Alex said...

The "Remember location for 30 Days" tick box just uses a cookie, which for me is redundant as I clear cookies on exit (Chrome, Firefox, etc.). This means I have to always enter a verification code, which to be honest doesn't bother me too much but possibly could be better without impacting the effectiveness of the security.

Using Ubuntu One as an example, machines are authenticated against an account. The list of authorised machines can be shown and any authorised machine can be de-authorised (from anywhere).

Could something similar be incorporated into two-step? Still the same process but instead of identifying a machine by a browser cookie (I.e. client-side) the machine itself is identified and the list of authorised machines be maintained server-side.

The Google Dashboard could be updated to allow users to manage their authorised machines.

Maybe a manual process is required to add a machine to the list of authorised machines. Remove the tickbox for "Remember..." so that you can never really accidentally add a "public" machine to that list.

Either way using 2-step and think it's a good idea. Thank you for the feature.

August 3, 2011 at 6:32 AM
MD Security said...

Are sites like spy.scorpio.com really cracking accounts and getting passwords or is there an insider helping these Crackers out?

August 15, 2011 at 4:41 PM
Katan said...

The one thing I don't like about thsi feature is the "Thank you for using..." part which comes up initially. Just give us the code up front (repeat twice).. then say the "Thank you..." message.

1. Its a waste of everyones time to listen to this message up front.
2. I think you are wasting energy unecessarily forcint people for a few seconds to listen to it... I am sure it will save a few barrels of oil if you remove that message up front.

September 5, 2011 at 11:52 PM
Anonymous said...

Have you got the latest stats on how many gmail.com accounts are compromised per day?. This would be a more compelling argument for enabling 2-step verification

October 20, 2011 at 9:15 AM
Unknown said...

Hi,
I generally find 2-step authentication a great feature, but the way it is implemented doesn't work for me for a number of reasons, the main one being that I frequently travel where I do not have mobile access, and one-time codes are a security risk.

Now I am less concerned in my account being accessed for read / write, but totally hijacked, i.e. password changed.

Wouldnt it have been better for special cases as myself and the general population, if standard account access was via simple password, BUT if chnaging account access, i.e. password, THEN some form of 2-step authentication would be required.

I think this would have been a good half-way house, and more likely with a higher adoption rate...

Just thinking
marcel

September 22, 2012 at 5:07 AM

Post a Comment

  

Labels


  • #sharethemicincyber
  • #supplychain #security #opensource
  • android
  • android security
  • android tr
  • app security
  • big data
  • biometrics
  • blackhat
  • C++
  • chrome
  • chrome enterprise
  • chrome security
  • connected devices
  • CTF
  • diversity
  • encryption
  • federated learning
  • fuzzing
  • Gboard
  • google play
  • google play protect
  • hacking
  • interoperability
  • iot security
  • kubernetes
  • linux kernel
  • memory safety
  • Open Source
  • pha family highlights
  • pixel
  • privacy
  • private compute core
  • Rowhammer
  • rust
  • Security
  • security rewards program
  • sigstore
  • spyware
  • supply chain
  • targeted spyware
  • tensor
  • Titan M2
  • VDP
  • vulnerabilities
  • workshop


Archive


  •     2025
    • May
    • Apr
    • Mar
    • Feb
    • Jan
  •     2024
    • Dec
    • Nov
    • Oct
    • Sep
    • Aug
    • Jul
    • Jun
    • May
    • Apr
    • Mar
    • Feb
    • Jan
  •     2023
    • Dec
    • Nov
    • Oct
    • Sep
    • Aug
    • Jul
    • Jun
    • May
    • Apr
    • Mar
    • Feb
    • Jan
  •     2022
    • Dec
    • Nov
    • Oct
    • Sep
    • Aug
    • Jul
    • Jun
    • May
    • Apr
    • Mar
    • Feb
    • Jan
  •     2021
    • Dec
    • Nov
    • Oct
    • Sep
    • Aug
    • Jul
    • Jun
    • May
    • Apr
    • Mar
    • Feb
    • Jan
  •     2020
    • Dec
    • Nov
    • Oct
    • Sep
    • Aug
    • Jul
    • Jun
    • May
    • Apr
    • Mar
    • Feb
    • Jan
  •     2019
    • Dec
    • Nov
    • Oct
    • Sep
    • Aug
    • Jul
    • Jun
    • May
    • Apr
    • Mar
    • Feb
    • Jan
  •     2018
    • Dec
    • Nov
    • Oct
    • Sep
    • Aug
    • Jul
    • Jun
    • May
    • Apr
    • Mar
    • Feb
    • Jan
  •     2017
    • Dec
    • Nov
    • Oct
    • Sep
    • Jul
    • Jun
    • May
    • Apr
    • Mar
    • Feb
    • Jan
  •     2016
    • Dec
    • Nov
    • Oct
    • Sep
    • Aug
    • Jul
    • Jun
    • May
    • Apr
    • Mar
    • Feb
    • Jan
  •     2015
    • Dec
    • Nov
    • Oct
    • Sep
    • Aug
    • Jul
    • Jun
    • May
    • Apr
    • Mar
    • Feb
    • Jan
  •     2014
    • Dec
    • Nov
    • Oct
    • Sep
    • Aug
    • Jul
    • Jun
    • Apr
    • Mar
    • Feb
    • Jan
  •     2013
    • Dec
    • Nov
    • Oct
    • Aug
    • Jun
    • May
    • Apr
    • Mar
    • Feb
    • Jan
  •     2012
    • Dec
    • Sep
    • Aug
    • Jun
    • May
    • Apr
    • Mar
    • Feb
    • Jan
  •     2011
    • Dec
    • Nov
    • Oct
    • Sep
    • Aug
    • Jul
    • Jun
    • May
    • Apr
    • Mar
    • Feb
  •     2010
    • Nov
    • Oct
    • Sep
    • Aug
    • Jul
    • May
    • Apr
    • Mar
  •     2009
    • Nov
    • Oct
    • Aug
    • Jul
    • Jun
    • Mar
  •     2008
    • Dec
    • Nov
    • Oct
    • Aug
    • Jul
    • May
    • Feb
  •     2007
    • Nov
    • Oct
    • Sep
    • Jul
    • Jun
    • May

Feed

Follow
Give us feedback in our Product Forums.
  • Google
  • Privacy
  • Terms