{"id":9003,"date":"2016-06-12T15:47:54","date_gmt":"2016-06-12T22:47:54","guid":{"rendered":"http:\/\/www.podfeet.com\/blog\/?p=9003"},"modified":"2016-06-12T15:51:26","modified_gmt":"2016-06-12T22:51:26","slug":"two-factor-authorization-not-as-bad-as-i-thought","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2016\/06\/two-factor-authorization-not-as-bad-as-i-thought\/","title":{"rendered":"Two-Factor Authorization Not as Bad as I Thought"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2016\/06\/sms_2fa_code.png\" alt=\"Sms 2fa code\" title=\"sms_2fa_code.png\" border=\"0\" width=\"336\" height=\"334\" style=\"float:right; margin:5px;\" \/>After a couple of weeks with Apple and Google two-factor authentication running, I thought I should give you an update.  After the initial huge pain from Google, and the very mild pain from adding two-factor authentication from Apple, they both settled down and I haven&#8217;t been challenged for an authorization code in the last couple of weeks.  Now that I&#8217;m over the hump, I have to admit that Bart was right when he said once you have it set up, it doesn&#8217;t bother you very often at all.<\/p>\n<p>Bart also explained something (about 12 times till I grokked it) that helped me understand one vital piece.  <\/p>\n<p><!--more--><br \/>\nRemember I kept saying that I didn&#8217;t understand how some devices (like my MacBook) were allowed to get into the tools even though I had only authorized my iPhone?  I kept thinking that the device that was receiving the codes was the authorized device.  Bart explained that the devices receiving the codes&#8230;are just receiving codes! They&#8217;re not authorized at all.  Once you log in on a new device (after receiving the code from your phone) the new device is the one that got authorized.<\/p>\n<p>That sounds so obvious and some larger percentage of you are laughing at me for not getting it, but I figure there&#8217;s a few out there that would be confused as I was. Now that I understand this, it all makes a lot more sense.<\/p>\n<p>I was emboldened enough by the lack of prompting by Apple and Google, that I  I decided to turn on two-factor authentication with my two banks.  In both cases I am ALWAYS challenged to enter a code when I log into the sites, even on what I&#8217;ve told it are my trusted computers.  You&#8217;ll be surprised to hear me say that I&#8217;m glad about that.  This isn&#8217;t my email I&#8217;m protecting, or my Facebook credentials, it&#8217;s my MONEY.  Since I have all of my devices set to receive text messages directed at my phone number, I can be on any device and ask to log in and I&#8217;ll see the SMS with the code to enter the gates.  It&#8217;s a wonderful thing.  And I feel quite silly for not having done it sooner.<\/p>\n<p>I hope I didn&#8217;t talk any of you out of doing two-factor authentication because of how annoying it was to enable it.  I knew at the time that sharing my experience could dissuade some of you from doing the right thing to protect yourselves, but I couldn&#8217;t bring myself to either not tell you how I felt about it, or worse yet, claim it wasn&#8217;t that bad.  Google WAS that bad, Apple was pretty easy considering how many devices I have, and my banks were no trouble at all.<\/p>\n<p>So if you&#8217;ve been putting this off, set aside some time and jump in and do two-factor authentication on the things you really care about on line.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>After a couple of weeks with Apple and Google two-factor authentication running, I thought I should give you an update. After the initial huge pain from Google, and the very mild pain from adding two-factor authentication from Apple, they both settled down and I haven&#8217;t been challenged for an authorization code in the last couple [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[147],"tags":[568,922,923,50,567],"class_list":["post-9003","post","type-post","status-publish","format-standard","hentry","category-blog-posts","tag-2fa","tag-banking","tag-banks","tag-security","tag-two-factor-authentication"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/9003","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/comments?post=9003"}],"version-history":[{"count":5,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/9003\/revisions"}],"predecessor-version":[{"id":9011,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/9003\/revisions\/9011"}],"wp:attachment":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media?parent=9003"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/categories?post=9003"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/tags?post=9003"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}