Let’s do the Google verification two-step!

I do what I can to keep up with the subject of digital security, but I have admit I’m not particularly careful. It’s one of those things that you know you’re not doing properly, but tend to put off continually, perhaps hoping the problem will go away or sort itself out. I’m aware that I’m not aware of what I’m doing, so to speak, and am sure that if somebody with the inclination wanted to get at my information, accounts and devices for whatever reason, they wouldn’t find too many problems and could make my life very difficult.

For a long time I put off activating two-step verification for most of the applications I use, simply because I have so many devices, among them several computers in dozens of classrooms at IE Business School, where I normally log it before classes, and the idea of waiting for a message with a password that I would then have to type in to eventually start a session is just too bothersome. Furthermore, I have lost count of the number of times I have left a classroom after a teaching session and forgotten to log out of my email, for example, meaning that I have then had to use Gmail’s remote logout functionality to avoid having to go back to that classroom (it’s under the in-tray, at the bottom of the page, right hand corner, click on Details… my pleasure :-)

A couple of weeks ago, I came across a news item on Mashable called “Google’s two-factor authentication is now a breeze to use”, which led me to a Google blog post for “New settings for 2-step verification” and decided to give it a go. I tend not to write about these kinds of questions when I seem them, and prefer to try them first to see the result, and to be honest this has always worked well for me: minimal intrusiveness, instant results, so that when I try to login to a machine I don’t normally use, and that might require more security, the menu pictured above appears on the screen. You click on the blue button and unblock your smartphone, open Google’s app, and confirm say, with your fingerprint. It really does take a second and adds a new level of security.

Verification via smartphone is still in its early stages, but shows tremendous potential. I have this miniature computer on my person or close to me all the time and am able to verify myself to a degree that while not infallible (there is no such thing as total security), but it seems infinitely superior to somebody just looking at my passport photograph, which in my case now bears little resemblance to the actual me (I was about 20 kilograms overweight by the time I took that picture!). In fact, when boarding airplanes I swipe my boarding pass on my smartphone, but also have to show a physical document that is much less secure than any digital identification. When will our governments shift to digital ID cards that make use of the capacity of these smartphones that more and more of us now use?

If you haven’t tried Google’s new two-step verification, then you should. It’s a very simple way to improve your security, as well as to think about other identification issues!

(En español, aquí)