Author Topic: Use Gmail? Please use 2-factor authentication  (Read 3363 times)

Offline karajorma

  • King Louie - Jungle VIP
  • Administrator
  • 214
    • Karajorma's Freespace FAQ
Re: Use Gmail? Please use 2-factor authentication
The comments say otherwise.

How would a single use app password work anyway?
Karajorma's Freespace FAQ. It's almost like asking me yourself.

[ Diaspora ] - [ Seeds Of Rebellion ] - [ Mind Games ]

 

Offline Fury

  • The Curmudgeon
  • 213
Re: Use Gmail? Please use 2-factor authentication
Works just fine. You generate a password in Google's account settings to be used with certain apps that do not support 2-step authentication. This password is very long and complex and given to an app as the password. It's not single use per se, but you can generate a new one when/if you want.

 

Offline MP-Ryan

  • Makes General Discussion Make Sense.
  • Global Moderator
  • 210
  • Keyboard > Pen > Sword
Re: Use Gmail? Please use 2-factor authentication
Works just fine. You generate a password in Google's account settings to be used with certain apps that do not support 2-step authentication. This password is very long and complex and given to an app as the password. It's not single use per se, but you can generate a new one when/if you want.

Well, it's effectively single-use as there's no way to re-access the generated password - once it's generated, Google displays it only once to be input and saved, and that's it.  Unless you write it down somewhere, you can't see that password ever again.  I suppose there's still the slight chance that it could be brute-forced, but that is minor and it would only allow access to view your account via something other than a web browser (smartphone app, Thunderbird, Outlook, etc) and no access to your account settings.  While someone could read your email, they couldn't send without your knowledge nor change anything, making it pretty obvious if anyone was doing anything untoward other than simply reading activity.

Thus far, I'm pretty impressed with how sleek this is.  I can link to my account from authenticator apps on both my work BlackBerry and personal Android phones, still access email through those devices, and still link it to Thunderbird on my desktop system, while benefitting from the additional security afforded by two-factor authentication.  There's really no hassle involved beyond the 5 minutes it takes to set up.

I do find it a little amusing that people are disparaging two-factor authentication while simultaneously extolling the virtues of KeePass - its mere presence on a system is a gigantic, singular target.  Personally, I embed a text file in a TrueCrypt-encrypted volume.  Not only does it support better encryption and a plausible-deniability system, but it also supports two-factor authentication via keyfiles.  Dedicated password managers, even excellent open-source ones like KeePass, are a gigantic "TARGET THIS TO CAUSE MAYHEM!" banner ad in the event your system is ever compromised.  Especially with a keylogger.
« Last Edit: April 19, 2012, 12:28:26 am by MP-Ryan »
"In the beginning, the Universe was created.  This made a lot of people very angry and has widely been regarded as a bad move."  [Douglas Adams]

  

Offline Fury

  • The Curmudgeon
  • 213
Re: Use Gmail? Please use 2-factor authentication
A TrueCrypt-encrypted volume is not readily accessible from everywhere you might need access. Unless you make the computer remotely accessible. While KeePass is a singular target like LastPass is, it's still better than LastPass because online availability of the encrypted database is on your terms. To counter keyloggers, KeePass supports two-channel auto-type obfuscation. http://keepass.info/help/v2/autotype_obfuscation.html

At some point you just need to draw a line on how far you go in protecting your passwords for the sake of convenience. My KeePass database is not going to get cracked anytime soon unless someone gains both the master password and keyfile. I still use and recommend Google's 2-way authentication and I use it myself as well.