Monday, February 21, 2011

Two-Factor Authentication

No moto content in this post but anyone using Google's Blogger platform or Gmail service should consider taking advantage of their new two-factor authentication service (sometimes referred to as two-step authentication). In addition to the normal userid and passphrase used to authenticate into Blogger or Gmail, you will be prompted for a passcode. This passcode can be generated using a free Google app on your smart phone (e.g. Authenticator on my iPhone) or it could be sent to you via a text message. Every time you run the app, you get a different passcode. I don't know how long it is valid but I suspect on the order of a minute or so. Essentially impossible to guess. So you have to not only know your passphrase but also have possession of your mobile phone. To sync the app with your account, a QR code is displayed on the screen during the setup process. You just aim the camera on your phone at the screen to read the QR code. The app is now synced to your account.

Once the app is set up, you simply run the app after entering your username and passphrase. A code is displayed on your phone, enter it in and you're logged in for the next thirty days. Pretty slick. Many Google apps don't support two-factor authentication yet. For these, you generate one-time passphrases for each app using the Google account setting website. For example, if you use their IMAP service with your laptop or smartphone, a one-time password will need to be generated for your email client to authenticate. This service is a huge step forward and I would encourage anyone with a Google ID to turn on this feature. Many of those that comment on this blog have Google IDs.

Edit Tuesday morning - So far, I have three apps that don't support two-factor authentication. IMAP from my email clients on my laptop and phone, Google Voice app on my phone, and the Google Latitude app on my phone. I suspect that I'll probably run into a few more over the next couple of weeks. I now also have it set up on my Google Apps account (hosted domain). You have to enable the feature for the domain.


  1. Two-factor authentication is what we use to authenticate to our devices in network management. Good stuff.

    Will look into enabling it for myself though I wonder how that would affect the fact I use POP3 via Outlook to get my email from my Gmail account.


  2. Charlie6
    The process for POP3 is the same as IMAP or any other app that doesn't support two-factor authentication. So far I have IMAP, Google Voice and Google Latitude set up as unsupported apps. So far, no problems.

  3. Unfortunately, this is going to fly over the heads of 99% of the population -- the very 99% that need this the most, i.e. the "let's use the same password everywhere and write it down on a post-it note stuck to the monitor" group.

    TL;DR: 2-factor authentication is GOOD. USE IT.

  4. Stacy:
    I was thinking the exact same thing while writing the post. But since many of those reading and commenting were also Blogger users, I thought it wouldn't hurt to try and get the message out on this new Google option.

  5. Richard, just like Stacy said "this is going to fly over the heads of 99% of the population"
    I'm an IT guy, I manage the IT department for a small bank and I come in contact with people that have no clue about online security and most of the time use dictionary passwords. It's amazing the lack of basic knowledge.
    Great idea to post this information, hopefully us bloggers know better ;-)

  6. RichardM:

    I also wanted to get in on the action but I prefer 3 factor authentication rather than the two factor due to the fact we are getting snow flurries tomorrow.

    Wet Coast Scootin

  7. "It's like you're trying to speak to me. I know it. Look. You're really cute, but I can't understand what you're saying. Say the first thing again."

    Sorry...had to with the mention of this going over most people's heads! LOL. Great information!