Hi All: While 2-factor authentication is indeed more secure, it is not a panacea. It would be a big mistake to set it up and think that you are safe from now on. (That's in part a response to Tim's question if he should worry.)
Rather, one should be always thoughtful of how their digital presence is organized: e.g. if one account is compromised, can that lead to a chain reaction that would make the damage very broad and deep? You don't want to keep all eggs in one basket. Of course, if it is your main e-mail account that is compromised, the perpetrator would have access to the information about your financial activity: bank, phone, utility, mortgage bills, etc. - combined and cross-references, they can reveal a lot of personal information that may be sufficient to gain access to at least some of your accounts. Of course, it's a balance between convenience of having everything online and paranoia of keeping everything totally unplugged. You may say: "I am making a conscious decision by choosing the convenience at the cost of the risk of dealing with the consequencies". That's fine. But even in this case, you can take some precautions. One possible way that I see is to have 2 separate e-mail accounts: one that is used for social activities (including Facebook, Linked-in, etc.) and thus exposed widely, and the other one that is strictly used for finance-related activity. Of course, - the two accounts should not be linked or "know" about each other (via Gmail invitation, e-mail address book, etc.) It is, indeed "security by obscurity", but in this case, it adds a layer or protection (albeit a thin one). What falls into a grey area in this schema is the payment services such as Paypal, Dwolla that use the e-mail address as the "public" account number. (Which, in my opinion, is a very bad practice.) Maybe a solution to that is to use the third, separate account. As for the 2-factor authentication of Google, - that's again a question "who do you trust?" By adding your cell phone number to your e-mail Google account, you are linking yet another piece of information to your G-account. Besides other concerns, Google already knows a lot about you. Do you trust that a) their information database won't be compromised? and b) they won't be using that information at some point? [*] Yes, in this case, the advantages probably outweigh the disadvantages. But as in any case, what important is that people make a thoughtful decision based on the information, instead of hiding their heads in the virtual sand. ----- [*] Note, that already, some companies have amended their privacy policies in a weird way. E.g. American Express credit card agreement now says something like this: "We may try to reach you at any phone number from which you ever called us, by calling or sending you text messages." Unlike in Europe, in the US, receiving SMS is not free. Either you pay for a monthly plan that gives you so many SMS messages, or you pay per message ($0.20 with Verizon Wireless - for either sending or receiving). I don't want to receive SMS from AmEx, Google or anybody else, unless _I_ explicitly want that SMS. ... The same, actually, applies to phone calls, especially if I am roaming internationally. Igor -- PDML Pentax-Discuss Mail List [email protected] http://pdml.net/mailman/listinfo/pdml_pdml.net to UNSUBSCRIBE from the PDML, please visit the link directly above and follow the directions.
