The two step

After the recent news of a reporter having his digital life ransacked as a result of someone applying some social engineering-fu to amazon and apple, I re-enabled Google’s two-step authentication. The pitfall for me last time I tried it was discovering that there was no way to accommodate relaying email through gmail with two-step authentication. It didn’t occur to me or I objected to it on principle but all I needed was an additional gmail account just for that. The username is an md5 hash of…something, as is the password.

Interesting to see how many third parties I have allowed to use my Google ID as a credential. The dilemma there is, do I continue that with any attendant risks of linking them or do I set up accounts with every website that requires authentication? Of course, once Google buys them all it will be moot. But in the meantime…