(This discussion may have lived on the previous forum.)
In light of recent events, it’s a good time to revisit how we address some online security tips.
Google provides a 2-Step Verification option for increased account protection.
I use this for both my work and personal accounts. Whenever I use my account to log in, I am prompted to provide a code that is sent via text to my phone. This verification can be done via text, call, and app to your device. There are other options as well but the previous are most common. Google also provides you with a list of one-time use codes in the event that you are not able to receive the verification.
UPDATE: Google has made this process even easier. Once your verify your personal device, verification with the device is as simple as clicking YES/NO on your device. All other devices will still require a code.
NOTE: 2-Step verification wouldn’t prevent the phishing/email scam that happened as it works behind this process. In this event, you have already gone through verification. So the scam has the user granting access to their account once they are logged in. It is always best practice to be mindful of what is being shared with you or in your email.
You can always check you connected services here: Manage the services connected to your Google Account
+1, but understand that you will need to be able to access your phone every time you have to re-authenticate. I have had some headaches with my phone being dead or not on me when I need to log in. In that case you need to have your back-up codes somewhere accessible. I saved a screenshot of my back-up codes to my desktop, which helps.
I was thinking about this in light of the recent phishing scam that netted over 100 of our District 287 staff.
I turned on Google 2-step authentication at one point last year, but the frequent re-authentication was enough of a pain in the butt that I quickly turned it off again. I feel like I should try again, and see if it’s still at the same level. I get that security is important, for sure, but re-authenticating all the time was super annoying.
I’d much prefer retinal scanning.
While retinal scanning would be pretty cool I’ve been really happy with my 2-step authentication. I don’t have to reauthenticate much at all. The other thing is I have tied my account to my google voice account so that if I don’t have my phone near me, I can just have google send the verification code to my google voice number which I can pull up from a computer. This way you can have multiple options to get the verification code rather than the set codes.
I knew @Scott_Swanson had been using it for a while so that’s what prompted me to give it a go. I too was somewhat in the camp as @MikeSmart. I thought it would be cumbersome but it’s a non-issue for me now. Even when I don’t have a phone or data connection to get the code. I have been using it for almost a year with both my work and personal accounts; and I am pretty sold on it. I am certainly open to other options As mentioned before, now it’s just the simple press of “yes” on my phone to authorize. No code needed. [quote=“Scott_Swanson, post:4, topic:237”]
The other thing is I have tied my account to my google voice account so that if I don’t have my phone near me,
I like this!! I am on Google’s Project Fi as my provider (and love it) so I merged my Voice account and can’t use Voice anymore. Crazy thing, with Project Fi, I use Hangouts as my default messenger service but the verification codes will only get sent to my device. They won’t show up in browser based hangouts if I am on my computer.
[quote=“Scott_Wright, post:5, topic:237”]
… the verification codes will only get sent to my device. They won’t show up in browser based hangouts if I am on my computer.
[/quote]I have been using Pushbullet as well. This also has allowed me to get SMS texts to my phone on various computers as well.