I woke up to a bit of a scare when some of my alexking.org Gmail accounts were unable to log in to Gmail. I was afraid the accounts had been compromised and the passwords changed. I had secure passwords, but had been lazy about turning on 2-factor authentication for several of them – that’s all fixed now.
As it turned out, the hiccup ended up being due to a Gmail disruption.
I’ve also turned on 2-factor authentication for this site using this plugin (make sure to enable the app key if you use iOS or Android apps to connect to your site). Note that the Social logins for commenting still work without 2-factor authentication.
I’d recommend taking similar steps for your sites. Waking up to an “uh-oh” feeling is no fun at all.
Alex King: Scared Straight http://t.co/drQZzAq7dL
I’ve been using the Google authenticator for my server’s SSH service using the PAM module (http://code.google.c[...]Instructions) for some time now, as well.
[…] with sudo, or…) accounts with two-factor authentication. There is a WordPress plugin (thanks, Alex) to require it on your blog, and Amazon’s AWS and Dropbox both implement it for account […]
I’ve had that happen to me. It’s very scary!
I can see why this kind of thing would wake you up real quick. It would me. And now there seems to be a whole lot of talk/action from major social sites, online retailers, Google, personal sites, etc. about moving to 2-factor authentication and that’s both good and bad. It’s good to see security finally taken seriously and it’s bad due to the sad fact that it’s actually needed. The world (meaning “people”) is getting rather dangerous these days–even more than usual. My wife and I are already experiencing this as one of our banks now sends a secret code via land line when you log in. We log into our account, it takes us to a page where we type in the code we receive, the phone rings, etc., etc.
However, for me personally and for a lot of folks as well, I can see this presenting a rather large problem. The first thing all these sites are talking about that are or will be requiring 2-factor authentication is having to use your smart phone to finally authorize a login. Well, that’s fine except I do not own a smart phone, I don’t need a smart phone and I certainly won’t buy one and be tied into an overly expensive contract plus monthly service fees.
Now some sites are saying that in lieu of smart phone authentication, an email will be sent to an email address of your choice. This is fine but not all sites are offering this. Now the Google Authentication plugin’s FAQ mentions an extension for Google Chrome that can be used for those without a smart phone and that’s fine except not everyone uses Google Chrome either.
Right now, Google itself offers the option of turning on 2-factor authentication for your Google account but I can see a day sometime in the near future when that option will no longer be offered and 2-factor authentication will be the norm and it will require a smart phone to do so. I’m not really complaining about this at all, I just foresee a problem for those many people who have no use for a smart phone or live in a place where there’s no service.