Use Google 2-Step Verification to Protect Yourself

Our Blogger accounts, and blogs, are under persistent attack by some rather nasty Internet users.

Hackers, using other people's computers, are constantly attempting to "guess" our Blogger passwords, and take control of our Blogger accounts and blogs. Blogger accounts are particularly vulnerable to attack, because too many blog owners:
  • Reveal their account names (email addresses) to the world.
  • Base their passwords upon real life details.
  • Publish blogs, where their real life details are visible to the world.

Some blog owners think that by using only one computer forever, they should be able to register that one computer as theirs, and require Google to simply deny access to their Blogger / Google accounts, from any other computer. This is a very simple solution - and it's one which is doomed to failure.

Google knows that even the most careful person will periodically use a different computer - or possibly forget their Blogger account name and / or password.

Google lets us register a telephone for authentication - text or voice.

Rather than attempt to restrict you to using one single computer, for eternity, Google gives you an option to use a previously registered telephone as an authentication token, whenever you use a different computer. The telephone can use either text or voice to provide you with a one-use passcode, which you enter after you successfully enter your account name and password.

Telephone use as an authentication token is not a perfect solution.

This is, admittedly, not a foolproof solution.
  • Some people will not want to provide their phone number, to Google.
  • This strategy will only work with a preregistered phone - and registration can only be done when you are logged in to Google.
  • If the preregistered phone uses text (a smart phone / mobile computer), it will be usable only where cellular service is available.
  • If the preregistered phone uses voice, it will be usable only as well as you understand computer-synthesised "speech".
  • In either case, stress will sometimes contribute to the possibility of making a mistake.
  • Since a preregistered phone is required, you will be able to use this only as long as you carry your smart phone - or log in from a predetermined location.

Besides registering a telephone, you have other options.

When you use a different computer, or connect from a different geographical location, you may be asked to prove your identity, after entering the correct account name and password.

Google provides several options, to suit you better.
  • A physical USB key.
  • Backup, one-use authentication codes.
  • An authentication code generator, installed on your smartphone / tablet.

You can buy one or more USB security keys, to carry with you.

You can find out about the USB Security Key option, at the security key website.

You register a security key, from your "My Account" page, under "Signing in to Google" - "2-Step Verification". You will be required to sign in, again.

You can generate a one-time passcode set.

You can obtain a set of 10 one-use passcodes, which you can carry as backup tokens, and / or print or save to a text file.

You can generate a set of one-use passcodes, and special app passcodes, from your "My Account" page.

If you want to access your blog when needed, this gives you a better chance.

However, if you can deal with the above drawbacks, you have a much better chance of keeping your Blogger accounts and blogs under your control. Very few hackers, having successfully provided our account name and password, will be able to immediately use a preregistered telephone, to accept a one-time-use passcode.

Comments

Alanna Kellogg said…
Thanks for the reminder on two-step verification, I’d turned it off because it was unwieldy but the risks today are just too great.

Leslie Hanna said…
Bummer that I'd need to provide my phone number. I don't want to do that, so I guess I'm S.O.L. :(