Google's two-factor authentication system is a great way to keep your email and other accounts safe, especially if you've always got a smartphone (or even a dumb phone) around. Today Google is adding even more options beyond the current phone call, text message, email, and app-based verification. The latest update to the desktop version of Chrome lets you use a USB key as your two-factor security token, ensuring access via both your physical presence and your login password.
A couple of days ago, Google began rolling out the latest version of its Play services apk to the massive audience of Android users around the world. This is a particularly special release for developers because it finally expands coverage of the Google Fit Preview SDK to those who either don't have a Nexus 5 or 2013 Nexus 7, or simply aren't willing to flash the last L Preview firmware onto them.
Account security is a tough issue for a lot of people. It's a constant balancing act between having a stronger system to keep out would-be invaders while also making it convenient enough that users won't reject it. After Google began offering its own 2-step verification system, several other services adopted the same mechanism and opt-in model for people that wanted more than a single password protecting their personal data. This generally left users with Google's Authenticator app, which got the job done, but it lacked features and languished on an early Holo dark design.
When certain things finally happen, they make us want to search for that hidden ladder that takes people up to the rooftop and scream "Hallelujah," religious or no. This is one of those things. Google apparently no longer requires people with two-factor authentication enabled to sign in twice when setting up a new Android device or adding another account. Better yet, this change doesn't require Android L or anything fancy. Here's a video of the magic taking place on an HTC One M8.
Users of newer versions of Windows or just about any Microsoft web service might be familiar with the company's rudimentary two-factor authentication system. If it's been a while since you've logged in or you're setting up a new Windows device, it might ask you for a verification code, accessible from a backup email account. Of course that can be a pain if you don't remember the password for that account, or simply don't want to dig it out.
Tumblr has rolled out a new two-factor authentication option that, once enabled, decreases the likelihood of someone breaking into your Tumblr account. Rather than just a password, you will also need to type in a key generated by your Android device. We've already seen Google, Facebook, and Twitter implement this functionality, so while it's about time, it's also better late than never.
You can enable the feature through your Tumblr settings page.
Today's Twitter update has a keen focus on security. Back in May, the company introduced an SMS-based two-factor authentication system for signing into the service. Now login requests can be be verified using just the mobile app. Users can sign into Twitter and enjoy the extra security of two-factor authentication without having to provide a phone number or worry about cell reception. The app also generates backup codes just in case your phone isn't available when you want to sign in later on.
Several weeks ago, Dropbox suffered a small security breach that gave wrong-doers access to a few unlucky users' email addresses. On the good side, it also brought the vulnerability to the Dropbox staff's attention. Since then, they've been working hard to beef up security, and today, they introduced two-step verification.
Much like Google's two-factor authentication, once enabled this requires you to login using two different sets of verification: your password and a unique identifier sent in either a text message or generated locally on the device using the authenticator app (which you have the option to get via QR during the set up process).