Recently launched Google’s 2 step verification is simply great. Its been quite a while since I have come across an algorithm which is simple to be utilized by the users yet technically complicated.
As usual Google has provided a How it works link.
In this 2 step verification, Google considers mobile phone / landline which can be used for verification. The user has the option to choose between a Automated Voice Call or an SMS.
Users of Gmail when they are enabling this 2 step verification should ensure the following:
1: Keep you mobile phone / Landline handy and if its a landline – never provide the board line numbers, use only direct lines.
2: Google requires a backup phone number, which may belong to one of your family members or a close confidant, before starting the 2 step verification ensure that you notify them beforehand, so that when they receive the confirmation from Google, they can provide you with the code immediately. I committed the mistake of not informing my friend and the sms was promptly deleted, which led to certain amount of delay.
3: Google, also provides 10 additional codes (one time use only) for you to access your account.
4: Desktop applications using Google services eg. Mail Clients, Google Earth, Picasa etc. do not support 2 step verification, hence Google will request for application specific passwords.
Differentiating authentication of web-applications and desktop applications is a great start. Usually, Authentications are common for web and for desktop, this would be a trend setter, hopefully, Google doesnt patent this differentiation.
Now, the things which I need to test is what will happen when I am accessing my mail account from three different locations, two locations being my residence and my work-place and the third location being an un-secured location eg. cyber cafe or hot-spot. What will happen if after 10 days I do visit the cyber cafe and use the same verified system to access my gmail account. What would be the system status when printed codes are used?
When and How will the backup number assist me in logging on to Gmail when my mobile is stolen, a few instances act as a gentle reminder.
Just wondering what will happen?? Comments and Inputs highly appreciated.
Recently a user’s gmail account was hacked and here is the link. So it is advisable to enable 2-factor authentication.