After a couple of weeks with Apple and Google two-factor authentication running, I thought I should give you an update. After the initial huge pain from Google, and the very mild pain from adding two-factor authentication from Apple, they both settled down and I haven’t been challenged for an authorization code in the last couple of weeks. Now that I’m over the hump, I have to admit that Bart was right when he said once you have it set up, it doesn’t bother you very often at all.
Bart also explained something (about 12 times till I grokked it) that helped me understand one vital piece.
Remember I kept saying that I didn’t understand how some devices (like my MacBook) were allowed to get into the tools even though I had only authorized my iPhone? I kept thinking that the device that was receiving the codes was the authorized device. Bart explained that the devices receiving the codes…are just receiving codes! They’re not authorized at all. Once you log in on a new device (after receiving the code from your phone) the new device is the one that got authorized.
That sounds so obvious and some larger percentage of you are laughing at me for not getting it, but I figure there’s a few out there that would be confused as I was. Now that I understand this, it all makes a lot more sense.
I was emboldened enough by the lack of prompting by Apple and Google, that I I decided to turn on two-factor authentication with my two banks. In both cases I am ALWAYS challenged to enter a code when I log into the sites, even on what I’ve told it are my trusted computers. You’ll be surprised to hear me say that I’m glad about that. This isn’t my email I’m protecting, or my Facebook credentials, it’s my MONEY. Since I have all of my devices set to receive text messages directed at my phone number, I can be on any device and ask to log in and I’ll see the SMS with the code to enter the gates. It’s a wonderful thing. And I feel quite silly for not having done it sooner.
I hope I didn’t talk any of you out of doing two-factor authentication because of how annoying it was to enable it. I knew at the time that sharing my experience could dissuade some of you from doing the right thing to protect yourselves, but I couldn’t bring myself to either not tell you how I felt about it, or worse yet, claim it wasn’t that bad. Google WAS that bad, Apple was pretty easy considering how many devices I have, and my banks were no trouble at all.
So if you’ve been putting this off, set aside some time and jump in and do two-factor authentication on the things you really care about on line.