dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
22

brg
Premium Member
join:2001-01-03
Chicago, IL

brg to ropeguru

Premium Member

to ropeguru

Re: Google Voice » Free SIP-to-XMPP Gateway

Agreed. But, to that point, the article specifically recommends NOT using your main Google account/credentials. Create a separate GV account for this purpose. I did. Easy as cake. None of my personal info involved at all. No connected GMail or Google+ or anything. If it gets compromised, I walk away...

ropeguru
Premium Member
join:2001-01-25
Mechanicsville, VA

ropeguru

Premium Member

said by brg:

Agreed. But, to that point, the article specifically recommends NOT using your main Google account/credentials. Create a separate GV account for this purpose. I did. Easy as cake. None of my personal info involved at all. No connected GMail or Google+ or anything. If it gets compromised, I walk away...

Which is fine as long as you haven't already started giving out and using a number that IS attached to your main credentials.

Good for folks just starting but not worth a hoot for those that are already established.

Trimline
Premium Member
join:2004-10-24
Windermere, FL

Trimline to brg

Premium Member

to brg
Guys, this works well. You can use your main Google account by setting your account to a 2 step sign-on.

Get all the information here:

»support.google.com/accou ··· r=185833

It's a little bit of a hassle, but well worth it. Each application has it's own password which you can revoke at will. Much safer in your browser too.

Arne Bolen
User of Anveo Direct, 3CX and Qubes OS.
Premium Member
join:2009-06-21
Utopia

Arne Bolen

Premium Member

said by Trimline:

Guys, this works well. You can use your main Google account by setting your account to a 2 step sign-on.

 
There is a bug in Google's 2-step verification system making it very easy to bypass the 2-step verification.

Until Google's fixes this bug you might think twice of trusting it.
 

Trimline
Premium Member
join:2004-10-24
Windermere, FL

Trimline

Premium Member

Hmmm. I could not find any "bugs" since last year, except for someone using XP and getting their code sent every 10 minutes...

Seems pretty darned tight to me. Have you tried it?

Arne Bolen
User of Anveo Direct, 3CX and Qubes OS.
Premium Member
join:2009-06-21
Utopia

Arne Bolen

Premium Member

 
I discovered the bug a couple of months ago, it might have existed longer than that.

I can reproduce the bug anytime I want. Actually, I use the bug when I am too lazy to enter the code sent to my cell phone. It's faster when my cell phone is turned off.
 
Anon
Anon

Anon

Anon

Is this a bug with application specific passwords (which is what I assume we'd use here), or is it with logging in without a code? I assume you could only log in without a code on a device that you've specifically allowed to do so at some point in the past. With applications specific passwords, you can't loose control of your account, and they can be revoked without changing your main password.

Arne Bolen
User of Anveo Direct, 3CX and Qubes OS.
Premium Member
join:2009-06-21
Utopia

Arne Bolen

Premium Member

This bug is with the 2-step verification system, not with the application specific passwords.

You can log into your Google account without using the one-time 6 digit password sent to your cell phone. You need of course know how to do that, but it's extremely simple.

Google's 2-step verification system does not work as intended. It gives you a false feeling of security. You believe you are protected, but anyone who knows your password can log into your account despite you having the 2-step verification system enabled.