Friday, December 28, 2012

Google Two-Factor Authentication Fail

Just noting for the record:

... about an hour ago, I got "timed out" of access to my Gmail account when I turned on my travel computer. So, I re-logged in and got the expected result screen, demanding the numeric code that ostensibly had been sent to my mobile phone.

In fact, no message was sent.

I could not get a voice call sent to my backup phone, either, no matter how many ostensibly helpful Help page links I clicked.

I spent about another ten minutes trying to get the two-factor's second message sent to me, one way or another. Nothing worked. Just radio silence.

And so, I went on to other things, on the Internet, where I did not need a Google Password to do something.

A short while later, my phone buzzed, almost interminably, to let me know that I had seven or nine new text messages.

Of course they were all from Google: confirmation codes from when I had wanted to log in, fifteen minutes or so ago, earlier.

#firstworldproblems? Eh, maybe. Yes, in this case.

But imagine if I had really, seriously, needed immediate access to my email. Like, a life or death situation. Or even some sort of Important Business Deal.

Just saying. When you promise to be all things for all people, you must be taken to task for episodes like this. The length of tonight's failure was unacceptable, Google.


TC said...

Do you really think someone at Google is listening or gives a shit what you think?

Don McArthur said...

When you set up 2-factor authentication with Google, you also generate a list of 10 single-use codes you are encouraged to print and store in your wallet. Each of those codes would have given you access immediately. You could even use one to disable a stolen phone associated with the account.

You did that, right? :-)

BTW, your captchas are almost impenetrable. I gave it five tries for a readable one - the last one worked, or I was done.

bjkeefe said...

@TC: Yes, in some sense I do. At the very least, in a statistical sense. Lots of companies trawl the Web looking for mentions of their names, so it seems beyond belief that the company who is best at that wouldn't collect such data about itself. Thus, it strikes me as worthwhile to air a complaint, or a compliment, for that matter, whenever I'm so moved.

@Don: Heh. Oh yes. I printed out those ten numbers. MONTHS ago. As soon as I signed up for two-factor authentication. Even tested one or two of them.

Now, if only I could remember what I did with that piece of paper ...

Sorry about the CAPTCHAs. I wish I had more control over that aspect, but I don't. The only option is to turn them off completely, which means a lot of spam almost immediately.

bjkeefe said...

A follow-up thought on the CAPTCHA issue: I just posted a comment over at Vagabond Scholar and had to deal with one of them. I remembered from last time I had to do one that one thing that helps is to magnify the page by repeatedly hitting Ctrl-+ (or Ctrl-=). Or the Mac equivalent with the Command key.

Makes it a lot easier to see, especially the blurry numbers.

bjkeefe said...

(And then hit Ctrl-0 (zero) to get things back to normal, in case you didn't already know.)

Substance McGravitas said...

Hmm, I didn't know it would do bad things if it timed you out. Sounds awful.

bjkeefe said...

To be fair, this is the only time this has happened. Gmail auto-logs me out every couple of weeks or so, and only occasionally asks for the second factor when I re-log in on a machine that I've previously used to log in to Gmail. And then the text message thing works fine. Until this one time.

Zo Kwe Zo said...

Have you considered installing the Google Authenticator app to your phone? It would have worked immediately!

M. Bouffant said...

Google kept asking me for a new e-mail acc't. whenever they signed me out; turns out that was because the fuckheads at Microsoft had deleted my 10-yr. old Hotmail acc't. because I hadn't logged into it for whatever length of time.

You can imagine how happy I was to lose X yrs. of correspondence like that.

bjkeefe said...

@Dan: Heh. My phone is way too dumb to install apps. But maybe I'll be getting a smart one, one of these years!

@M.B. That's a damn shame. I can't believe MS did that. There is no excuse. None whatsoever. Whatever disk space you were using was essentially zero, at the scale of one person's account on Hotmail.

I bet they could recover it if faced with a subpoena, though.

Anonymous said...

Hello, I read your blog from time to time and I own a similar one
and I was just curious if you get a lot of spam responses?
If so how do you reduce it, any plugin or anything you can suggest?
I get so much lately it's driving me mad so any assistance is very much appreciated.

my blog :: Solve Captchas

bjkeefe said...

I get very little spam with the CAPTCHA turned on, and too much with it turned off.

However, this binary state is not so good. The CAPTCHAs are now so hard that they keep actual people from leaving actual comments, so what I really wish is that Blogger would let me have a knob, to dial down the difficulty, if you know what I mean.