After the recent news of a reporter having his digital life ransacked as a result of someone applying some social engineering-fu to amazon and apple, I re-enabled Google’s two-step authentication. The pitfall for me last time I tried it was discovering that there was no way to accommodate relaying email through gmail with two-step authentication. It didn’t occur to me or I objected to it on principle but all I needed was an additional gmail account just for that. The username is an md5 hash of…something, as is the password.
Interesting to see how many third parties I have allowed to use my Google ID as a credential. The dilemma there is, do I continue that with any attendant risks of linking them or do I set up accounts with every website that requires authentication? Of course, once Google buys them all it will be moot. But in the meantime…
Depending on what you mean by relaying email through gmail, you might be able to do it by setting up an application-specific password:
http://support.google.com/accounts/bin/answer.py?hl=en&answer=185833
In short, it’s a single-use password that you can use to authenticate via imap/pop/smtp, but not to any of the account management interfaces. And since it’s only being used for that one thing, it’s unlikely to be intercepted or stolen from reuse on another site. Very handy.
(And by “single-use” I mean you only use it for this one situation, not that you can only use it one time and then you have to create another one for the next time you want your mail server to relay a message through gmail.)
That didn’t work last time I tried this. I may try it again. But yes, you need application-specific password for everything. So mail on each device you use, for example.
Did you read the WIRED piece? What a confluence of fustercluckery. Between his lack of backup rigor, Apple and Amazon’s procedural fails, and the allure of the three-character Twitter handle he got jammed hard.