|Cloud Worship Is Questionable
||[Aug. 10th, 2012|11:07 am]
I've seen two bloggers on the Atlantic evangelizing for what Google prefers to call a "two-step verification" system for email, which means giving Google your phone number.|
They are blithely indifferent to reasons handing a corporation yet more personal information, particularly something with greater access to real names and locations, may be a bad idea.
The idea of restricting information as a preference, let alone a security precaution itself, is not considered. Nor are potential technical and human problems and flaws, such as losing your phone.
Actually, two-step Google Mail verification involves giving them your phone number AND using an app called Google Authenticator, which is essentially a synchronized token generator that runs on your smartphone, much like the password token fobs high-security agencies use.
I use Google Authenticator myself, and while I occasionally feel exasperated at having to check my phone to get the current numbered token (each token lasts for only one minute), it does make me feel safer, knowing that anyone attempting to log into m Google Mail account from a new device (or an old device whose sign-in period has expired) must have my Google account name, password, AND Google Authenticator token.http://support.google.com/a/bin/answer.py?hl=en&answer=1037451
"Or", not "and". You don't need Google Authenticator unless you want to generate auth codes without Google calling or texting you.
You can also use pregenerated codes and do two-factor auth with those, using neither cellphone nor app, but you can only generate 10 at a time and they're one-use.
Also: password token fobs high-security agencies use.
Some friends of mine bought the tokens to use with their World Of Warcraft accounts. And it both amuses and offends them that their WoW account is now more secure than their bank account.
I always wondered who the people are who do this-why the fuck would someone give their number to facebook or google?!?
They probably secretly have it anyway.</p>
But im not gonna HELP them.
Earlier this year I needed the celphone number of a person who I normally either am seeing in person or can send email - after knowing him casually for over fifteen years I'd never needed to phone him. But now he was (probably) on the highway headed for my city and I needed realtime communication at a distance.
It turned out that google did indeed know his phone number.
What pisses me off is I don't HAVE a cell and they won't. STOP. DEMANDING.
Google went to shit about two years ago, anyway.
This is part of what got me thinking about it. I've been trying to avoid the daisy chain and cloud for years because I'm just not disciplined enough to be safe,even without lax corporations.
Not playing is always an option. For most people, the question is what reasonable steps can you take to protect yourself while still having access to the services you want.
Google's two-factor authentication provides a reasonable amount of security with reasonable trade-offs. I've had mobile phones since 2000 and haven't lost one yet. My keeping-tabs-on-my-phone skills are a lot better than my picking-strong-passwords-and-changing-them-regularly skills or my remembering-the-answers-to-the-security-questions-I-provided-five-years-ago skills.
Oh, I totally get how this is a viable option for some, but if you are easily confused by tech and lose your phone, it could be a problem. And non-tech columnists should mention this rather than writing posts encouraging readers to act without hesitation.
Yeah, I get more than enough unwanted phone calls. Google can't have my number.
I'd still like to copyright all my personal data, such that any use of it meant I got paid. It's strange to me this isn't already admitted to be a human right.