Ask HN: Google 2 factor authentication security?
I've got it enabled & it works well using the authenticator android app. I'm worried about the android device though: If I lose it someone has a device with both the authenticator plus android apps (gmail etc) that allow access.
Is this enough for the crook to take control over the account? i.e. Can one change the master password from there or will I always be able to kill the device specific password with my PC + Master password?
2 comments
[ 3.4 ms ] story [ 15.0 ms ] threadYou also can't change your Google Account password from your phone and once you enable 2-factor auth, your Android phone's sync/email/etc uses an application specific password to authenticate so your master password isn't used on the device anymore. You can also kill that application specific password from your web-based profile settings and while it doesn't "wipe" the phone, it halts further syncs.