This morning I went to a party my daughter had organised the day before. Lot’s of youngsters, teenagers and students, around with their mobiles. Party went on all night long and when I arrived to were cleaning up. A few of the young guys were wandering around looking and asked for a computer. As I was “at the scene” some asked me to help them out. One of them seemed to have lost his mobile, running Google Android. At the computer he tried to access his Google account to find his phone – location service was not on but he wanted to make it ring. He ran into issues and to make sure you don’t I wrote this blog.
He ran into a catch-22
A catch-22 is a paradoxical situation, copied from a book with the same name by Joseph Heller. This was exactly that. He wanted to log on to his Google account to find his phone but to do so he needed his phone. Now, why was that? He had set up security so that not just everyone can sign in with his account. If a computer was not on the trusted list you couldn’t get in without adding it to trusted devices first.
To add it to trusted devices he needed his phone, his phone was the extra security. This whole endeavour to find his phone was cut short because he couldn’t verify access on that computer because he had no access to his phone. It’s classic Catch-22.
How to prevent a lock-out or catch-22?
So I was thinking about this and thought it might be a good idea to write about this. There are different solutions to prevent this lock-out. Security is needed but we need to make sure you don’t lose functionality over it. He had to go home, start a trusted computer and search for his Android phone while in the meantime his battery is draining and might die before he finds the phone.
When you look at your account in Google and go to Sign-in and Security you have a number of options. One is Find your phone, another one is to change your security options. So click on “signing into Google” to take a look there.
As you can see I changed my password last year October and I am using two-factor verification since 2015 already. The reason I don’t change my password that often is because of the fact it would get weaker instead of stronger by having to think of new ones more often. With the two factor verification, the notifications and the trusted devices, I feel safe enough.
My phone is set up for two-factor authentication so I will need to enter a code when I log on to an unknown device to get access to my account. That’s all fine but what would happen if I get so drunk I lost my phone? Without some other method of getting in, I would be searching for a long time.
Adding a third or fourth option for verification
There are checks already for when you lost your account, an extra phone number an emergency email address and so on. So for two-factor verification, you also have extra options. Basically, you have three options;
- Extra phone with an authenticator app
- Physical security key – find several here: Search on Google for “FIDO U2F Security Key”
- Printed security codes (printed does not mean on paper perse)
The first option is easy, you add the Authenticator app to another phone, not per se your phone, and you could use that to verify. Of course, you either need another phone or someone you trust enough.
The second option, the security keys are pretty safe. You have a token with you that you plug into a computer and it is used to verify. It however only works if there is a USB port (working on a mac). These keys are sold on the Internet.
If you don’t want to spend the extra cash and you don’t have an extra phone or lack of trust in someone you could simply print a couple codes. Google will create 10 codes for you to use, once you used them all, you can create new ones.
You can download or print the codes but please make sure you keep your codes safe. With these codes, your username and your password anyone has access to your account. So don’t back them up under a file called Google backup codes, be a bit more creative.
So what is the best solution not to get locked out? I think the best way is to have multiple options. If you could add an authenticator on a phone that would be great. A security key would be better as that is independent of your phone or computer. If you can’t do one of these print the key, add them in a file called a silly name or print a few and have them in your wallet. By doing a bit of work you have secure access to your account, no one has access and you can get access any time ay where on any device.