Frustrations with two-factor authentication

After some decidedly choppy performance from the Nexus 7, I decided to factory reset it. Shouldn’t be a problem I thought … everything is saved up in the cloud.

Sure enough, once the tablet is restarted I am presented with a login for my Google account. I give my username and password, however I have two factor authentication enabled. This is a mechanism whereby, once typing your password, you are asked for a six digit code which rotates quite frequently. The app runs on your tablet, your phone or you can receive text messages for the same. It dramatically improves the security of your account.

The sign-in procedure for the tablet can’t cope with two-factor, and redirects me to another (slightly dodgy looking) page where I have to type my password again (it’s not easy – intentionally cryptic, and a pain to type accurately on a tablet).

So, I temporarily turn off two-factor authentication, forgetting the multitude of programs which can’t cope with it need their own passwords (and will undoubtedly complain).

This isn’t right I remind myself We need to be secure about this, so after some progress on the tablet I re-enable two-factor authentication. Now, the tablet complains again – understandably – but I’m met with the same system that can’t understand its own servers … I’m redirected back to the odd-looking webpage (this is genuine Google, it just looks awful).

To make matters more interesting, Authenticator was installed on the tablet before, so I also need to re-enable that. Curiously, selecting the Google account didn’t work (after asking for the password yet again), so I resorted to the 16 character keycode.

Finally, it works. However, I’m left frustrated by the performance. It is concerning that those who might benefit from two-factor the most, the less technical user, are expected to run through the same hoops. Not a chance.

2 thoughts on “Frustrations with two-factor authentication”

  1. For devices/sites that do not support 2-factor authentication to your Google account, you can generate specific use passwords:

    You can visit this page:
    https://accounts.google.com/b/0/IssuedAuthSubTokens?hide_authsub=1

    (if the link doesn’t work, go to your Account > Manage security > 2-step verification settings > Manage application-specific passwords)

    This will generate a password you use for a specific reason, for example I have app-specific passwords for my Android phone login, XMPP chat etc.

  2. Thanks James. Actually I have some of these set up and they are useful, but my bigger gripe is that Google’s own systems can’t cope with 2-factor auth and the user experience suffers as a result. This seems a massive oversight. Hopefully we’ll get some resolution in the next Android release.

Comments are closed.