Ever have one of those days, where you suddenly get a weird email? Â Recently I thought the whole ‘google security’ thing was a bit over the top, then I get this fine email. Â I’m pretty sure it’s from a hotel I stayed at, looks like they had something there to MitM me. Great. Â But thankfully they used an old ass machine from the looks of it, so it triggered google.
You may want to check your security settings here, if you are using Google, with their security settings centre.
https://security.google.com/settings/security/secureaccoun
If you know your phone will work where you travel, and don’t mind the typical phone company overcharge for daring to leave the area, I’d enable 2 factor authentication as well.
So did you secure your system? I needed to turn on second guess login methods because Google felt that Outlook and iPods were not as secure as their phone OS thinks it is, so now I need to constantly step through hoops when signing back into my account.
Well even if it’s an insecure device, it’s good to know you are you… and not somebody else. But if you travel a bit, 2 factor authentication is a pain when the 2nd factor won’t work.
Technically they call it “2-step verification” but that’s potato potato.
If you have applications that don’t handle the 2nd step (like Gmail on an iPad) you can use their ‘App password’ feature to sign in, more details here:
https://support.google.com/mail/answer/185833
Its possible to generate a completely unique password for iOS devices. I did that for my first generation iPod Touch. I also did it for my Outlook arrangement on another computer. (Not that I do download copies of my Google Mail to it lately.)
The travel/overcharge thing only applies to 2FA by SMS codes. But the code can be generated by an app on the phone itself, with no connection of any sort.
Google uses standard OATH TOTP, and there are dozens of apps implementing it – not just iOS/Android, but also BlackBerry, J2ME, PalmOS, and whatnot… So it’s not limited to “modern” smartphones.