• iPad2 announced and being released (3/11)
• Motorola Xoom released
• Malicious Android Apps found in the Market Place
• Google released two-factor authentication for Google accounts
• First LTE to LTE phone call was made in the US
• Amazon released a Kindle update with real page numbers
• Safari and IE8 both pawned (again) at the annual Pwn2Own Hacking Contest (Chrome & Firefox unchallenged… yet…)
• iPhone and Blackberry pawned (Nothing on Windows Phone 7 and Android… yet…)
• And more!

It has been busy in the tech world the last month.  At times it is all one can do to simply keep up to speed.  For this post, I am going to center on the two-factor authentication released by Google.  Will do a pwn2own wrap up later.

To get started what is two-factor authentication?  And how is it different from my username and password?  Isn’t that already two-factor?

No.  Two-factor authentication (TFA or 2FA) means using two independent means of evidence to assert an entity’s identity to another entity (source).  Most of the time it is something you know (your password or PIN) and something you have (a Smart Card or RSA token).  So when you go to a website and just use a username and password you are really only using single-factor authentication (it just happens to be a combination of two things you know).

A good example of two-factor authentication or those that need Smart Cards to log into their machines at work or those that play Blizzard’s World of Warcraft or Starcraft2 and have their “Battle.net Authenticator” (the key ring or the Smartphone version) to log into their accounts.  Google has implemented a similar system to what Blizzard uses for their Battle.net accounts, but have gone a step further.

With Blizzard you have to have the physical token or the app for your phone.  With Google you can get an app for your phone, you can print out a few “emergency” codes or you can have Google call/text you a code (so those of without a Smartphone can still use this service).

So now that we know what two-factor is and how Google has rolled it out… some caveats.

First – Besides Blizzard’s Battle.net accounts, no one else uses two-factor authentication on the web (plenty of companies use it internally).  So anything that you uses, that uses your Google account… is going to have issues.  This includes third party chat applications that you use with Google Talk, your Android phone and iPhone.  To get around this issue Google implemented a “single use password”.  You type in the application (Chrome Sync, Android Phone, etc) and Google will auto generate password for you.  The only issue with these passwords is that they just contain numbers and letters (though completely random).

Second – It can be a pain.  Security usually is, but it can be worth it.  Every time you log into Google you have to pull out your phone or have them call/text you.  Thankfully, Google implemented a “remember me for 30 days” feature that you can use… say on your home computer.

Overall, it is nice to see Google stepping forward again in security.  So many of us, now days, rely so heavily on Google services, that our life literally depends on keeping these accounts secure.  If you haven’t setup two-factor authentication, here is a quick “how-to”.

1. Log into Gmail and go to your “Account Settings”
2. Click on “Using 2-step verification” under your Personal Settings> Security
3. It will now step you through the process
4. For more information and help, head on over to Google’s Help: http://www.google.com/support/accounts/bin/topic.py?topic=28786

If you get anything out of this article it should be “use two-factor authentication!”.  If you don’t want to go this route, at least setup a strong, unique password (using numbers, upper and lower case letters and special characters).  Security can sometimes be a pain, but if it can stop someone dead in their tracks, it is definitely worth it!

Till next time!