I assume this is ok to mention (meaning I don’t think the bad guys can get anywhere with it). At the start of 2011, Google introduced two-factor authentication. Over the summer, I enabled it for my Google account. What’s the difference or extra? I’m glad you asked.
Basically, two-factor authentication is based on two “things.” In my case, it is something I know–my password–and something I have–a code from Google. When I attempt to log in using a Google account, I am not only asked for my ID and password, but I also get prompted for a verification code. Where do I get the code? Google has an app that I installed on my phone that generates them. So, not only do I have to have my keypass (what I use to generate strong passwords) but I also have to have my mobile phone.
So far, the only problem this has caused was when I tried to sign on using Google’s stand-alone Talk application. I spent a good 30 min trying to figure out why I couldn’t log in. I was trying to sign on with a Google app account, so at first I thought that was the problem (it looked like it was stripping off my domain). After some Googling, I decided I needed to give up and get back to work. The next day, I decided to give it another go. This time, I remembered that Google offers to generate application-specific passwords for things that aren’t two-factor compliant. I generated a new one and, sure enough, it connected straightaway.
If you want to know what I did to enable two-factor authentication, let me know, and I’ll post a HOWTO.
Image from Richard Parmiter via Flickr