 cacrollEventually, Prozac becomes normalPremium
join:2002-07-25
Martinez, CA | reply to MacGyver
Re: Beware Hotel WiFi People are constantly attempting to login to my GMail / Google account. Google offers two factor login, to counteract this problem.
I enabled two factor login, some time ago. This protects me from people in China, and other countries - but it causes occasional inconvenience.
If you enable two factor login, be sure to always carry your cell phone (or whatever token you choose). If you move location / change browser / change computer frequently, when using GMail, plan to have times when using two factor login can cause stress.
--
Cheers,
Chuck
Nitecruzr Dot Net
Google+ - Nitecruzr |
|
|
|
 MacGyverDon't Waste Your EnergyPremium,ExMod 2003-05
join:2001-10-14
Canada
kudos:1
 ·TekSavvy DSL
| A much better idea in my opinion is the setting of one-time use passwords. You set them in advance in your GMail account while you are at home using your regular password, then if you have to login in an insecure environment, using a one-time password that is no good afterwards ensures your account can't be hijacked. |
|
 AVDRespice, Adspice, ProspicePremium
join:2003-02-06
Onion, NJ
kudos:1 | said by MacGyver:A much better idea in my opinion is the setting of one-time use passwords. You set them in advance in your GMail account while you are at home using your regular password, then if you have to login in an insecure environment, using a one-time password that is no good afterwards ensures your account can't be hijacked.
how to? (or is this the one time pad for 2 step authentication)
--
* seek help if having trouble coping
--Standard disclaimers apply.-- |
|
 trparkyApple... YUMPremium,MVM
join:2000-05-24
Cleveland, OH
kudos:2 | I have a VPN setup on my home router as well. I use that while connected to open WiFi hotspots. Either that, or I tether my device to my smartphone that has tethering built in. |
|
MacGyverDon't Waste Your EnergyPremium,ExMod 2003-05
join:2001-10-14
Canada
kudos:1 | reply to AVD
It's an idea I pitched to Google. |
|
OZOPremium
join:2003-01-17
kudos:2 | reply to MacGyver
Assuming that it's working as described. How one time log in is much better idea than anything? What if you will have to check your gmail account again in a half of hour and so on? And you'll have to think twice (or even more than that) before you log out... It's not practical at all.
--
Keep it simple, it'll become complex by itself... |
|
TheMGPremium
join:2007-09-04
Canada
kudos:1 | reply to cacroll
said by cacroll:Google offers two factor login, to counteract this problem.
Which unfortunately requires a cell phone, something not everyone has.
No cell phone = no two-factor authentication. |
|
OZOPremium
join:2003-01-17
kudos:2 | Good. Because a two or even five factor verification is not a solution for hotel WiFi hacking problem. Especially if it requires a cell phone... Your personal VPN, IMHO, is.
--
Keep it simple, it'll become complex by itself... |
|
cacrollEventually, Prozac becomes normalPremium
join:2002-07-25
Martinez, CA | reply to MacGyver
They use one time passwords, already, for non browser applications. They call them "Application-specific passwords".
Some applications that work outside a browser aren't yet compatible with 2-step verification and cannot ask for verification codes. But "2 step verification" essentially uses one time passwords. You get the one time passwords using SMS, from your phone, when needed.
--
Cheers,
Chuck
Nitecruzr Dot Net
Google+ - Nitecruzr |
|
cacrollEventually, Prozac becomes normalPremium
join:2002-07-25
Martinez, CA | reply to TheMG
You can get a prepaid "burner" phone for maybe $20. If you never use it for voice communication, it's there when you need it for backup Google access. |
|
AVDRespice, Adspice, ProspicePremium
join:2003-02-06
Onion, NJ
kudos:1 | reply to TheMG
said by TheMG:said by cacroll:Google offers two factor login, to counteract this problem.
Which unfortunately requires a cell phone, something not everyone has. No cell phone = no two-factor authentication. you can use a house phone with it.
--
* seek help if having trouble coping
--Standard disclaimers apply.-- |
|
AVDRespice, Adspice, ProspicePremium
join:2003-02-06
Onion, NJ
kudos:1 | reply to cacroll
said by cacroll:But "2 step verification" essentially uses one time passwords. You get the one time passwords using SMS, from your phone, when needed.
or carry the "one-time" pad with 12 passwords.
--
* seek help if having trouble coping
--Standard disclaimers apply.-- |
|
davePremium,MVM
join:2000-05-04
not in ohio
kudos:8 | reply to AVD
said by AVD:you can use a house phone with it.
A handy solution to avoiding problems with hotel wi-fi, then. |
|
 Vchat20Landing is the REAL challengePremium
join:2003-09-16
Columbus, OH | reply to AVD
said by AVD:said by cacroll:But "2 step verification" essentially uses one time passwords. You get the one time passwords using SMS, from your phone, when needed.
or carry the "one-time" pad with 12 passwords. Actually when you set it up they do give you a list of emergency one time use' codes to stash in case the normal channels are unavailable. Think they give you 12?
And as noted: It works with standard telephones, too. Basically it must be a phone number but they do either SMS or Voice. Mind you it is a 'they call you, you do not call them' so it must be a set, reliable number.
But given the system is open source, there are numerous non-Android/SMS based authenticator clients you can also use: »en.wikipedia.org/wiki/Google_Aut···entation
--
I swear, some people should have pace-makers installed to free up the resources. Breathing and heart beat taxes their whole system, all of their brain cells wasted on life support.-two bit brains, and the second bit is wasted on parity! ~head_spaz |
|
AVDRespice, Adspice, ProspicePremium
join:2003-02-06
Onion, NJ
kudos:1 | they can call you, not smartphone required. I think the pad was 12, might be a few more, I'll check when home.
--
* seek help if having trouble coping
--Standard disclaimers apply.-- |
|
cacrollEventually, Prozac becomes normalPremium
join:2002-07-25
Martinez, CA | reply to AVD
Or a house phone - if one is convenient and if you like listening to the robot. |
|
cacrollEventually, Prozac becomes normalPremium
join:2002-07-25
Martinez, CA | reply to Vchat20
said by Vchat20:It works with standard telephones, too. Basically it must be a phone number but they do either SMS or Voice. Mind you it is a 'they call you, you do not call them' so it must be a set, reliable number.
That's the one drawback with the house phone option - you have to register it in advance - so it's useless when you travel. That's where the burner cell phone is a necessity.
--
Cheers,
Chuck
Nitecruzr Dot Net
Google+ - Nitecruzr |
|
TheMGPremium
join:2007-09-04
Canada
kudos:1 | reply to AVD
said by AVD:said by TheMG:said by cacroll:Google offers two factor login, to counteract this problem.
Which unfortunately requires a cell phone, something not everyone has. No cell phone = no two-factor authentication. you can use a house phone with it. Which is useless because if you need to access the account away from home, well, you're out of luck. Also, your own computer at home is likely the lowest-risk environment you're going to log in to your account on.
I think it would be nice if they had the option of a hard token similar to the SecurID tokens. Something small you put on your keychain and doesn't rely on a phone. |
|
 BranoI hate VogonsPremium,MVM
join:2002-06-25
Burlington, ON
kudos:6
 ·Bell Fibe
| reply to TheMG
said by TheMG:said by cacroll:Google offers two factor login, to counteract this problem.
Which unfortunately requires a cell phone, something not everyone has. No cell phone = no two-factor authentication. Not entirely correct. For travel and other emergencies you can pre-print up to 10 2-factor authentication codes on a paper and take with you. Each code can be used only once (for up to 30 days if you allow cookies and allow the browser to be 'trusted').
»support.google.com/accounts/bin/···=1187538
»support.google.com/accounts/bin/···=2544838
As mentioned already, always use HTTPS |
|
