Comments on: Google Adds 1-Time Passwords to Gmail, Apps

By: Aniruddh

Aniruddh — Mon, 30 May 2011 09:05:03 +0000

the back up code is useable only one time so 10 codes u have, can be use 10 times only..

yo need to check n reply an important email and that time.
1) phone is out of network n not able to get the text.
2) Phone is off and no power line to put in for charging.
3) you’ve lost your phone somehow.
4) somehow everything is perfect but google fail to send u text msg over ur phone.

i think in these kind of time backup code is useable.

just save it in ur phone and computer u use in a place only u kno where to find it..

make text msg pasword protected. so if somehow someone kno ur email n password and gain assess to ur phone ur basic phone security may save ur google account.

I hope it helps

By: patrick t

patrick t — Thu, 24 Feb 2011 14:08:16 +0000

I need your opinion on a free download called CCleaner v3.04 it cleans up your computer and Added support for Windows 7 SP1.
Added Internet Explorer UserData cleaning and management.
Added Safari cookie management.
Added support for SongBird and Thunderbird embedded browsers.
Several big improvements to the Registry cleaner.
Added cleaning for Excel Viewer, FeedDemon, WinDiff and Last.FM,
Free Download Manager, Internet Download Accelerator
and Internet Download Manager

I heard that this is a spy ware software do you believe so?

By: Gene

Gene — Sat, 12 Feb 2011 17:46:28 +0000

I checked for this on my Gmail account and it is not yet available. It is apparently only being rolled out gradually as the message says it will be available on my account and others “soon.”

By: Robert D. Barnes

Robert D. Barnes — Fri, 11 Feb 2011 20:06:44 +0000

This is welcome step by Google to add multi-factor authentication to all its users. The problem as I see it, however, is that this solution is almost worthless if a user accesses Gmail from a mobile device and uses the browser to “remember” the password. Now the attacker (thief?) has both factors of authenticity: the credentials AND the mobile phone device.

(It’s also a fun coincidence that PhoneFactor–provider of two-factor authentication–is an advertiser on this site!)

By: Roger A. Grimes

Roger A. Grimes — Fri, 11 Feb 2011 12:43:58 +0000

I work for Microsoft full-time and I didn’t realize until just now that Live\Hotmail has had the same functionality (or near it) since May of last year. Right on the main logon screen is a ‘Get a single use code to sign in with’ option.

By: bruce

bruce — Fri, 11 Feb 2011 08:35:39 +0000

So how does all of this play out for a g-mail account that is forwarded to a Blackberry then ???

By: AlphaCentauri

AlphaCentauri — Fri, 11 Feb 2011 03:09:06 +0000

I’m afraid a thief would be more likely to steal my cell phone than my password. If a cell phone has sufficient information on it for the thief to guess the gmail account of the owner, that’s another weak link.

By: blue danube

blue danube — Fri, 11 Feb 2011 01:00:20 +0000

secret question: what is your favorite color?
answer: blue

JACKPOT!

By: Roger A. Grimes

Roger A. Grimes — Thu, 10 Feb 2011 23:23:47 +0000

OTP systems aren’t the perfect solution. As with an authentication solution they can be bypassed. I’ve worked with a few Europeon banks that have been using OTP for years, and while it does cut down on losses, the bad guys have been getting around them for years. Usually they do it by compromising the end-users desktop, making a hidden change to the user’s transaction, using a hidden browser session, and then letting the user put in the OTP or code to approve the transaction. Unfortunately, what the user thinks is happening and what is happening (at the bank) is different, and neither side is aware. Of the bad guy changes the victim’s phone number to a new Skype one, so that the codes are sent to the bad guy instead. OTP helps prevent someone from pretending to be you from some other location, but does not prevent Man-In-The-Endpoint attacks. And if they get your OTP (or emergency backup codes), they can pretend to be the person from another location. OTP is good…can’t complain…but it’s not like the bad guys won’t see it as anything but another temporary bump in the road.

By: Yar

Yar — Thu, 10 Feb 2011 23:00:09 +0000

“Given the epidemic of commercial and consumer e-banking account takeovers aided by password theft, it would be nice to see financial institutions taking a cue from Google’s offering.”

As an Online Banking manager at a community bank, I can say that I would implement this in lieu of token authentication in a heartbeat if it were offered by our software provider. We coule eliminate the cost of tokens while improving security at the same time. Since the purchase price of the tokens is about 10 bucks even when buying in bulk, a bank with any number of customers would save hundreds of thousands of dollars easily by implementing this instead of tokens.