After hearing about a prominent user's hacked digital life, I turned on Google 2-factor authentication. I did notice that in order for my smartphone to continue accessing my email without needing to enter a code SMS'd to the phone, I needed to create an "application-specific password" for my smartphone email client. Momentarily I sensed there was a security weakness here. But because I had a general positive feeling that Google was very security-conscious, I thought the smart people working there had probably closed all the loopholes in this situation. Then today I became aware of Google's ASP password issues. Now I have to re-think if I have any very sensitive data stored in Google Drive. I also no longer consider Google above and beyond the other online companies out there in a security sense: Google has sunk to the depths of Dropbox and Sony.
I believe that one of the big reason that users love their smartphones and tablets is because they don't have to re-enter their passwords. I use a lot of cloud services like Evernote, various web email services and social networking sites and whereas the web version of these services will prompt me to re-enter the password on a frequent basis, the native smartphone versions NEVER prompt me. Google had to preserve this convenient experience for users of Gmail, Google Calendar, etc. on smartphones despite implementing 2-factor authentication, and they were screwed because of their poor implementation. How to get rid of passwords and still have security is the issue plaguing the digital industry.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment