Two factor authentication: just do it!

This post on Wired editor’s Mat Honan’s blog had me worried. While there are plenty of things you could blame him from doing wrong (mainly not having backups even though the OS he was using makes this extremely easy) the thought of somebody being able to just wipe everything is frightening.

While to my knowledge Apple has not implemented two factor authentication (which, seeing this, they probably should!) a lot of us also have an Google account which is very important to us. Access to a Google account could not only give somebody access to your mail (Gmail) but Docs, Drive and lots of other services as well.

Therefore just don’t hesitate and setup 2-step authentication on your Google account today. Once setup it is actually quite easy to use, especially if you also install the Google Authenticator on your smartphone. To make sure you don’t lock yourself out, print the backup codes Google provides and setup a backup phone (for example of a family member).

Should you ever have to use a backup code or phone, here is how. Also if (like Google suggests) you keep the backup codes in your wallet and your wallet is stolen or lost, you can disable to those backup codes by creating new ones (through Account > Security > “edit” button on 2-step verification > Show backup codes > Generate new backup codes), which as you can see mention specifically “Only the latest set of backup codes will work.

If you use Lastpass to manage your passwords, you can configure Lastpass to use two factor authentication too using Google Authenticator by following these instructions. While editing your account settings you might also want to increase Password Iterations to 1000 on the General tab. If you signed up a while ago it might still be set to a lower (and less secure) value. You can also restrict access to one country only if you know for sure you are never going to login to Lastpass from abroad.

Finally as backup solution (but not necessarily your only backup solution, as it could in theory be wiped remotely) I recommend Backblaze, which is just $50/year for automatic unlimited backups (works on both Windows and Mac).

Edit: a detailed report has been published on Wired and is also featured in episode 365 of TWiT (This Week in Tech).