On Wed, Jul 24, 2013 at 07:23:23AM -0700, James Bottomley wrote:
>
> Yes, just to emphasise, the phone number thing is completely unviable
> for me as well. They want to send you a code every time you log on.
> It's founded on the assumption you have a single number that can reach
> everywhere, which obviously doesn't work when you're travelling.
>
> I thought they had something which used the google authenticator app?
> Which can generate the codes without needing an active cell connection.

There is a google authenticator app. Having the codes sent via SMS is
an option, but it's certainly not the only way to use 2 factor
authentication. It's been a while since I've done the 2FA signup
flow, but I believe they had streamlined it a bit to make it easier to
use. It may have been that one of the ways the 2FA signup flow was
streamlined was to assume that everyone would have a cell phone which
was SMS-capable, but not everyone would have an Android phone. But
after you enable 2FA, it is definitely possible to set it up to use
the android application.

Also, you don't need to enter the code every single time you log in,
at least not for consumer accounts. You can specify that this is a
trusted machine; if you do this, then after you enter the code, a 2FA
authentication cookie which is good for 30 days is set on your
browser, and you don't need to enter the code again subsequently. On
the other hand, if you're one of the people who are
carefree^H^H^H^Hless to be willing to log in on kiosk machines, or in
general on any machine which you don't personally control, you can
simply leave the check box unchecked, and the 6-digit code will only
be good for that particular login session.

You may have noticed Google employees needing to enter a code much
more frequently, and it may be that if you are using an enterprise
Google account, your enterprise I/T manager can set different policies
for enterprise accounts.

But what I've described above is the case for all consumer accounts
--- you do have the option of using a Google Authenticator
application, which is available for Android and iOS devices, which
generates an RFC-6238 compliant time-based TOTP code; and you have the
option of designating the browser and the computer which it is running
on as trusted, in which case you only need to do the 2FA
authentication procedure every 30 days.

Cheers,

					- Ted