Companies Advise Tighter Security After Honan Hack

In the wake of the hacking of Mat Honan's accounts, Google, Facebook, Amazon, and Apple are just a few of the companies making their security policies tougher, and they are advising people to do the same. From the article: "Even as those companies’ teams moved to patch the holes, others moved to offer security tips. Matt Cutts, head of Google’s Webspam team, used his personal Website to urge Gmail users to embrace two-factor authentication. 'Much of the story is about Amazon or Apple’s security practices, but I would still advise everyone to turn on Google’s two-factor authentication to make your Gmail account safer and less likely to get hacked,' he wrote in the August 6 posting."

Feels like post-911

[A+beautiful+mind]

In the name of security Google has been pestering for my phone number for years, while their motives are much less about my security and more about their business reasons.

Re:Feels like post-911

[patchmaster]

Google has had my phone number for years. To my knowledge I've yet to receive a single call that originated from Google or someone to whom Google gave my phone number.

I'm all for identifying evil as evil, but it would be nice to have some actual evidence before making the accusation.

Re:Feels like post-911

[Daas]

You're OK with them storing every single one of your emails but not your phone number? I hope tinfoil hats are on sale these days.

If you're too scared of using the phone number auth, just use the Android or iPhone authenticator app. Setup is quick, it's not too invasive and it just works.

Re:Feels like post-911

[ThunderBird89]

Yet it seems you're very happy to use the internet, whose death you so crave, to voice your opinion and grief about the internet you use to give voice to your opinion.
Seeing the contradiction?

[First sentence is deliberately self-referential and obfuscated]

Re:Feels like post-911

[tlhIngan]

I'm all for identifying evil as evil, but it would be nice to have some actual evidence before making the accusation.

The fact that a single "no" is not enough to get them to stop asking is evidence enough.

Not to mention Google really tries to hide the "No" button. It just pops up as a box that says you need to enter your phone number. If you look down, the link to skip it is very tiny, enough to miss it. I'm willing ot bet most people don't even know there's an option to skip it.

It also pops up randomly on you, and each time it seems the "No" link gets tinier and moved somewhere else.

For Do No Evil, they certainly are applying all the usual marketing tricks to hide stuff like free downloads and such. If they really cared, it would be in normal font with text saying it's completely optional and you can bypass it by clicking the nice big link.

Re:Feels like post-911

[c++0xFF]

It's in Google's and your own best interest to make your accounts as secure as possible. They get a black eye in the media every time there's a high-profile hacking of a Google account ... which in turn hits at their reputation for providing solid, secure services.

Given that most users don't know what's best for them, I think it's completely reasonable for them to pester a little bit about a way to improve security.

Now, that said ... there should be a way to turn the reminder off completely. Some people (me) simply can't use it.

Re:two-factor security

[kaiser423]

Uh, they do have a one-time pad of pre-authenticated numbers, and an app that doesn't require an internet connection. I've authenticated form a 9200bps modem from the middle of the Pacific using my list of one-time security access codes.

In other words, it's glorious. Google does security right, and everyone else needs to take notice. Including corporate IT departments. I've used it for years, and every now and then when I need a new account, I go and get an outlook.com account or similar, because all the regular names are taken in gmail, but I always feel so naked using them. No security at all.