Skip to main content

Use Google 2-Step Verification, To Protect Yourself

Our Blogger accounts, and blogs, are under persistent attack by some rather nasty Internet users.

Hackers, using other peoples computers, are constantly attempting to "guess" our Blogger passwords, and take control of our Blogger accounts and blogs. Blogger accounts are particularly vulnerable to attack, because too many blog owners
  • Reveal their account names (email addresses) to the world.
  • Base their passwords upon real life details.
  • Publish blogs, where their real life details are visible to the world.

Some blog owners think that by using only one computer forever, they should be able to register that one computer as theirs, and require Google to simply deny access to their Blogger / Google accounts, from any other computer. This is a very simple solution - and it's one which is doomed to failure.

Google knows that even the most careful person will periodically use a different computer - or possibly forget their Blogger account name and / or password.

Google lets us register a telephone for authentication - text or voice.

Rather than attempt to restrict us to using one single computer, for eternity, Google gives you an option to use a previously registered telephone as an authentication token, whenever you use a different computer. The telephone can use either text or voice, and provide you with a one use passcode, to enter after you successfully enter your account name and password.

Telephone use as an authentication token is not a perfect solution.

This is, admittedly, not a foolproof solution.
  • Some people will not want to provide their phone number, to Google.
  • This strategy will only work with a preregistered phone - and registration can only be done when you are logged in to Google.
  • If the pre registered phone uses text (a smart phone / mobile computer), it will be usable only where cellular service is available.
  • If the pre registered phone uses voice, it will be usable only as well as you understand computer synthesised "speech".
  • In either case, in some cases, stress will contribute to the possibility of making a mistake.
  • Since a pre registered phone is required, you will be able to use this only as long as you carry your smart phone - or login from a pre determined location.

Besides registering a telephone, you have other options.

When you use a different computer, or connect from a different geographical location, you may be asked to prove your identity, after entering the correct account name and password.

Google provide several options, to suit you better.
  • A physical USB key.
  • Backup, one use authentication codes.
  • An authentication code generator, installed on your smartphone / tablet.

You can buy one or more USB security keys, to carry with you.

You can find out about the USB Security Key option, at the security key website.

You register a security key, from your "My Account" page, under "Signing in to Google" - "2-Step Verification". You will be required to sign in, again.

You can generate a one time passcode set.

You can obtain a set of 10 one use passcodes, which you can carry as backup tokens, and / or print or save a text file.

You can generate a set of one use passcodes, and special app passcodes, from your "My Account" page.

If you want to access your blog when needed, this gives you a better chance.

However, if you can deal with the above drawbacks, you have a much better chance of keeping your Blogger accounts and blogs under your control. Very few hackers, having successfully provided our account name and password, will be able to immediately use a pre registered telephone, to accept a one time use passcode.


Alanna Kellogg said…
Thanks for the reminder on two-step verification, I’d turned it off because it was unwieldy but the risks today are just too great.
Leslie Hanna said…
Bummer that I'd need to provide my phone number. I don't want to do that, so I guess I'm S.O.L. :(

Popular posts from this blog

Stats Components Are Significant, In Their Own Context

One popular Stats related accessory, which displays pageview information to the public, is the "Popular Posts" gadget.

Popular Posts identifies from 1 to 10 of the most popular posts in the blog, by comparing Stats pageview counts. Optional parts of the display of each post are a snippet of text, and an ever popular thumbnail photo.

Like many Stats features, blog owners have found imaginative uses for "Popular Posts" - and overlook the limitations of the gadget. Both the dynamic nature of Stats, and the timing of the various pageview count recalculations, create confusion, when Popular Posts is examined.

Help! I Can't See My Blog!

I just posted to my blog, so I know that it's there. I can tell others are looking at it. But I can't see it.

Well, the good news is you don't have a blog hijack or other calamity. Your blog is not gone.

Apparently, some ISPs are blocking *, or maybe have network configuration or infrastructure problems. You can access or you can access, but you can't access, or

You can't access them directly, that is. If you can access any free, anonymous proxy servers, though, you may be able to access your blog.

Note: You can use PKBlogs with the URL pre packaged. Here is the address of this post (with gratuitous line breaks to prevent the old post sidebar alignment problem):

And an additional URL, to provide to those suffering from this problem, would be the WordPress version of this post: