More importantly the code changes and is sent to your phone when you request it (at log on). There's a lot of practical reasons why this is orders of magnitude better than a static code which amounts to another password. To understand why think about how most web services end up getting compromised.

- Most commonly a vulnerability is discovered in the web service (or another web service where you used the same e-mail/password combo, so get a password manager!).

- Given a database of users and password hashes, the attacker would attempt to brute force or "guess" the password with automated software

- If the password is in plain text (not hashed) in the web services database, it's already game over

- If he hashed password doesn't use a salt (http://en.wikipedia.org/wiki/Salt_%28cryptography%29), pre-computed rainbow tables make getting the plain text password trivial

- Having discovered a username/password combo, the attacker would gain access and generally try to use the same combination on other popular services (gmail, facebook...)

With that process in mind, you could easily use the same account credentials on a much smaller and less secure service than gmail and have that service become your attack vector. As you can imagine most people have a whole lot of e-mail indicating nearly every online service they use, and password re-use is rampant. That means once you have your gmail account compromised a cascading waterfall of sorrow can follow.

The take away from all this is, your important services should have unique passwords *and* 2 factor auth. If you need your phone to get in to gmail, amazon, $BANK, ebay... then so does the attacker meaning you have really massive gains in terms of safety and piece-of-mind.

On Sat, Aug 2, 2014 at 12:30 AM, Stephen Partington <cryptworks@gmail.com> wrote:

2 factor authentication adds a whole second layer to your login. So you need a code plus password to authenticate from an untrusted location. If you look under security settings you can get more details.

On Aug 2, 2014 12:26 AM, "Michael Havens" <bmike1@gmail.com> wrote:

sorry for the delay.... I just got home from work.
I don't know what 2-factor auth is so I may have accidentally enabled it. How do I check that? WHy do you so highly recommend it, Stephen?

As for the priority inbox/social media thing.... my primaryinbox never changed when google changed their page. My business email did change though. It didn't affect me so I thought nothing of it

:-)~MIKE~(-:

On Fri, Aug 1, 2014 at 2:55 PM, Eric Cope <eric.cope@gmail.com> wrote:

did you enable 2-factor auth?

Eric

On Fri, Aug 1, 2014 at 2:29 PM, Michael Torres <matorres124@gmail.com> wrote:

Are you using Chrome? or FireFox?

Strange thing happened to me where i could not view any of my messages in FireFox anymore, so I have to access my gmail account in Chrome.

Mike

On Fri, Aug 1, 2014 at 2:26 PM, Michael Havens <bmike1@gmail.com> wrote:

so it only happened to me then it seems.

:-)~MIKE~(-:

On Fri, Aug 1, 2014 at 2:24 PM, Stephen Partington <cryptworks@gmail.com> wrote:

no idea

On Fri, Aug 1, 2014 at 2:22 PM, Michael Havens <bmike1@gmail.com> wrote:

no. I only used web mail. I never could get pop to work.

:-)~MIKE~(-:

On Fri, Aug 1, 2014 at 2:18 PM, Stephen Partington <cryptworks@gmail.com> wrote:

did you use a pop email client?

On Fri, Aug 1, 2014 at 2:05 PM, Michael Havens <bmike1@gmail.com> wrote:

I opened it this morning and my inbox was empty. 4 years worth of stuff was just gone!

:-)~MIKE~(-:

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss

--
A mouse trap, placed on top of your alarm clock, will prevent you from rolling over and going back to sleep after you hit the snooze button.

Stephen

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss

--
A mouse trap, placed on top of your alarm clock, will prevent you from rolling over and going back to sleep after you hit the snooze button.

Stephen

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss

Paul Mooring

Operations Engineer

Chef