SEARCH

How-To Geek

Ask the Readers: The Two-Step Login Verification Process – Security Boost or Just Another Hassle?

ask-the-readers-logo-banner-no-shadow

Google recently introduced a new optional two-step login verification process for Google accounts to help increase account security. What we would like to know this week is if you think this will really help improve account security, should be implemented by others in addition to Google, or would simply add a new layer of hassle to using your accounts.

two-step-login-process

Photo by The Official Google Blog.

A lot of people were really excited to hear about Google’s new two-step login verification process becoming available for use on their regular Google accounts. Google Apps accounts have had the option available for a few months, so if you have been waiting for it then now is the time to indulge. You can set up the new two-step verification process through the  Account Settings Page where a user-friendly wizard will help guide you through the setup process. The verification codes will be sent to you on your primary phone, but the setup process will also allow you to establish a backup phone and the ability to create backup codes in case you lose access to your primary phone.

The great thing about the new process is that it is optional…and choice is definitely a good thing. Depending on your past experiences this may be just what you have needed to help keep your accounts safe or just to have a better sense of security for your accounts. Then again this may not be that big of a deal either way for you if the accounts in question do not have a high level of value (or profile) attached to them.

But now on to the meat of the matter. It is highly likely that this could kick-start similar initiatives by others such as Microsoft, Yahoo, Facebook, Twitter, etc. to help improve account security. Is this level of security something that you would like to see available for all of your online accounts? Is it even a good idea/method to improve security? Would you want it to be optional or fixed as a default mandatory setting? Do you think that this would simply add a new layer of hassle to using your online accounts? Is there some other method that you would like to see initialized to improve account security? Let us know your thoughts in the comments!

[polldaddy poll=”4564097″]

Note: You can learn more about Google’s new two-step verification process and how to set it up here:

Advanced sign-in security for your Google account

Akemi Iwaya (Asian Angel) is our very own Firefox Fangirl who enjoys working with multiple browsers and loves 'old school' role-playing games. Visit her on Twitter and .

  • Published 02/16/11

Comments (13)

  1. Ross

    I’m going to give it a try. I love the idea. My worry – and it’s a big one – is that somehow this/these additional steps/options will result in me locking myself out of my account. The printable pieces of paper are great – I’d keep them in my wallet. The phone thing is great, and I’m sure they’ll come with improvements to the method to authenticate esp. for Android and/or Chrome users (fewer steps to accomplish the same thing).

    Again, I fear locking myself out. Wallet and phone get stolen at the same time while out of country (camera was recently stolen out of hotel room in another country – wallet and phone would have been taken too, if they’d been in the room)… Since my business relies pretty heavily on not just gmail but Analytics and AdSense (in particular) – I would freak out of I was locked out of my account for any period of time.

  2. dragonbite

    I’m using the 2-step authority and it works pretty well for the most part. I haven’t had to use the Validation code after the initial login yet as the browser hasn’t logged it out yet.

    The other part that helps is you can set up application passwords. These are strong passwords created by Google which you can have named anything and instead of using your full account’s password used every time (and dealing with the validation code), you use these passwords instead. If you find a system is compromised then you just revoke that password and it no longer works.

    In order to create or revoke that, you have to go through the 2-step process so it’s a little bit safer, and it is a lot easier to revoke that password and create a new one to use instead, than to have to redo your whole account’s password.

    I have my application passwords labeled for my different systems so if I see something running wild and if there is a means to find out which password they are using I’ll know which machine is/was compromised.

    Or if you want to use somebody else’s computer (like a loaner until your replacement one comes in, or your laptop returns from the shop) you can set up an account password, use that and when you’re machine comes back you delete that password.

    The only downside I have so far is when using the Google Chrome OS Notebook, it cannot sync anymore because there is no facility for the validation code,and it won’t take my application password.

  3. dragonbite

    Oh, I forgot.

    When you set up 2-step authentication they also give you a series of one-time use passwords you can use in case you can’t get to your phone (like it is stolen). They say print it up and put it in your wallet (doh!) but you can copy it and put it in other places as well. Heck, what about getting an online file storage location (like Dropbox) and put it in a text box there so you have access to it if you loose your wallet and your phone!

  4. Charles

    world of warcraft did this a while back and it was pretty good, they had stuff incase you didnt put that on your account or if you got hacked / lost device etc.

  5. pandaSmore

    Still not available yet in Canada! :(

  6. Ja5087

    I think there should be a better way. I doubt it will work in the long run or internationally (which is important to me!)

  7. Gasp

    These things are only useful when they work internationally and easily for me. Its a great idea and should be expanded upon but must be kept as an option.

  8. Speedy

    I have a H P computer And I’m on system image backup need to know the location date and time computer ? How do I get this info

  9. Steven Torrey

    I can barely remember all my passwords as it is. Remembering more seems daunting. A while ago, some high school student figured out how to use iris-identification for logging onto the handy-dandy home computer; now iris identification seems practical, do-able, and something that needn’t be memorized.

  10. knightspawn5

    I dont use or will ever have a cell phone. So it just means that I will have to leave gmail if they start this as a default action. There must be a better way of doing security that not a hassle going through so many steps to look at your e-mail……….

  11. knightspawn5

    I don’t like the idea of having to go through so much security to just look at my email. But if they are going to do this why not just have a dual password that once you put in the first code you must put in a second different password that pops up after the first one goes to that may be set up as a numeric code that is specific for each account. That only you should know and no one else can get. Thats for all of us that dont have or use cell phones. Like a pin number for your credit cards…… At least I wont have to go out and buy a cell phone to be able to look at my mail. Or do they thing that because their are cell phones out in the world that we all like to use them….. I hate hearing ring tones all day long, thats why I have a phone with an answering machine on it……

  12. CCF

    Bad Idea, because now they make it COMPULSORY for creating new gmail accounts. Talk about taking away of choices.

  13. ben

    is there a way to make this for you laptop not google?

Enter Your Email Here to Get Access for Free:

Go check your email!