

Ask HN: Google 2 factor authentication security? - Havoc

I've got it enabled &#38; it works well using the authenticator android app. I'm worried about the android device though: If I lose it someone has a device with both the authenticator plus android apps (gmail etc) that allow access.<p>Is this enough for the crook to take control over the account? i.e. Can one change the master password from there or will I always be able to kill the device specific password with my PC + Master password?
======
evilduck
If you printed out the hardcopy one-time codes like they instruct, you can
immediately log in with that as soon as you realize the phone has been lost
and remove the Android device from your account so that it can no longer
generate the 2-factor codes.

You also can't change your Google Account password from your phone and once
you enable 2-factor auth, your Android phone's sync/email/etc uses an
application specific password to authenticate so your master password isn't
used on the device anymore. You can also kill that application specific
password from your web-based profile settings and while it doesn't "wipe" the
phone, it halts further syncs.

~~~
Havoc
Excellent just what I wanted to know. Thanks

