Google lets Users Double-Down on Account Security

[Dermot7]

"The net is getting a little safer for Google users Thursday, as the company is unveiling an option for Google users to lock down their accounts with more than just a password.

Starting Thursday all Google users can choose to turn on a so-called “two-factor authentication” feature, which will require them to type in a special, short-lived second password in addition to their normal password to get into their account. Users will be able to get the codes via SMS or a phone call, or use smart phone apps for Android, iPhone and Blackberry to generate the codes.":

http://www.wired.com/threatlevel/201...ogle-security/

[funkydude]

Security at the cost of handing out your phone number, Google you sure know the tricks of the trade!

[Dermot7]

Quote:

Originally Posted by funkydude

Security at the cost of handing out your phone number, Google you sure know the tricks of the trade!

Yeah! .....first thing that occured to me was Google collecting phone numbers.

[Dermot7]

Quote:

Originally Posted by Dermot7

Yeah! .....first thing that occured to me was Google collecting phone numbers.

https://www.privacyinternational.org...ll-number-grab

For the record, I don't use gmail and try to avoid Google where I can. But once again I find myself in a position to actually defend them.

from the article above:

Quote:

All in all it doesn't sound so bad and Google have been widely praised for deploying the technology - but everyone seems to be missing the elephant in the room - WHY THE HELL would anyone ever trust Google with their phone numbers?

OK, I get it. But WHY THE HELL would anyone ever use gmail if they don't trust Google with their phone numbers?
Emails are a lot more privacy sensitive than phone numbers. Unlike with their emails Google can't listen to your phone calls (though I wouldn't be too sure about that with Android )

Talking about the elephant in the room, how can anyone miss such obvious conclusion?

Gmail already handles tons of very sensitive data. Nobody was forced to sign up for their free services. If we all were mature and responsible custoners like we claim to be (don't we?) there wouldn't be a problem with Google at all.
So, for all the trusting gmail customers Google now rolled out a feature that improves security and yes, privacy!

If you can show me where in the TOS they say they are going to sell the phone number to cold calling agencies I take it all back...

[Dermot7]

You may receive a"bespoke" targeted ad or marketing ploy on your cellphone via text or image perhaps? Some may not mind this, or even welcome it. It may
not be possible in the future to prove or trace where a database has been sold to, or made available to.

What's the biggest asset of dotcom and now web2.0 companies?
Their userbase!

You think Google would risk it all, and the legal consequences?
Of course we are reminded of the wlan debacle.

According to their "joking" Schmidt they won't cross that "creepy line" (yet?).
I think selling phone numbers collected solely for protecting an email account is way beyond that creepy line.

They might try one day like they did with buzz and wlan sniffing. But if there is an outcry they'll back down. In the future the legal pressure on Google from both USA and EU will increase as MS loses traction and market share.

Based on all this I conclude as long as it's not in their TOS nothing like that will ever happen. In the case that our senses of freedom and privacy further erode, through governments, propaganda, laws and pervasive corporations like Google and becomes reality there will be a way to opt out.

[Dermot7]

They will try any way they can to prevent you from opting out, they want to know as much as they can about you and everyone, for the purposes of "national security" etc.
I cannot see any legal pressure on Google from the US Govt. at least not at the
moment, in fact they're "friends", if their recent collaboration in the Recorded Future project is anything to go by, but the relationship could change, yes.

http://www.wired.com/dangerroom/2010...ve-google-cia/

[SteveTX]

My first thought is that this is a ploy by google to
1) capture and associate cellphone #s to gmail addresses
2) reduce spam
3) reduce automated account creation by capcha-solving services

pretty clever really, and they were able to spin it as a "security" feature (lol) that requires that you give up private and personally identifying information (antisecurity).

if google really wanted to provide two-factor authentication without forcing users to give up more privacy, they could have used a computer-based application, an instant message, a secondary email, or any other communication channel.

[CloneRanger]

Use a prepaid non contract cellphone

Also there are Plenty of really cheap cellphones available, so get one and ONLY use it for things like this. Do NOT use it to store or phone/text etc people etc you know or could be connected to you. ONLY switch it on and use it away from home/work/friends etc etc locations = No GeoTagging and/or the like

EDIT

Just discovered that you can use a landline or mobile ! I wouldn't use a landline

[funkydude]

Quote:

Originally Posted by SteveTX

if google really wanted to provide two-factor authentication without forcing users to give up more privacy, they could have used a computer-based application, an instant message, a secondary email, or any other communication channel.

They should send off authenticator hardware for free, then they could have your house address. That's what I'd do!

[Konata Izumi]

I used my landline... Google called me.
Am I doomed?