Google 2-step verification: Should my phone know my password? [closed]

Posted by Sir Code-A-Lot on Super User See other posts from Super User or by Sir Code-A-Lot
Published on 2011-02-21T12:20:15Z Indexed on 2011/02/21 15:27 UTC
Read the original article Hit count: 216

Filed under:

google-accounts

Hi,

Just enabled 2-step verification for my Google account. I have installed Google Authenticator on my Android phone, and I set up an application specific password for the Google account associated on my phone.

This works great when just using installed apps like Gmail, Calendar and Google Reader.

But if I want to access Google Docs, Google Tasks or any other website that requires a Google login, I don't seem to be able to use a application specific password. I have to use my real password and then use Google Authenticator to make a code for the next step.

This means if my phone is stolen, revoking the password to my phone is pointless. The phone have already been verified, and all that is needed is my password, which the phones browser will have remembered.

I realize that I can take measures to ensure the phones browser doesn't remember my password, but that's just not convenient at all.

Am I missing something, or is there no elegant solution to this? Should I just let my phone know my real password?

As I see it, being able to login with application specific passwords on websites (which apparently isn't possible) is the only way I can revoke my phones access in a meaningful way.

Related posts about google-accounts

Google Accounts

as seen on Super User - Search for 'Super User'
Hi all, I need to setup a bunch of accounts (~50) with Google which will later be hooked up to Analytics and the Webmaster tools and I will access them via their APIs. The problem is that Google will stop me from making accounts at a certain point because it thinks I'm spamming it. I've tried bypassing… >>> More
Week in Geek: Google Drive Desktop Client Allows Backdoor Access to Google Accounts

as seen on How to geek - Search for 'How to geek'
Our last edition of WIG for October is filled with news link coverage on topics such as Microsoft may not issue a second Windows 7 service pack, Windows Media Center is free for Windows 8 Pro users for limited time, CyanogenMod logged swipe gestures used to unlock Android devices, and more. What… >>> More
google-app-engine-django: authentication without Google accounts?

as seen on Stack Overflow - Search for 'Stack Overflow'
google-app-engine-django/ claims to have an "App Engine compatible implementation of the Django authentication framework". Does this authentication work only with Google Accounts? Is it possible to register a user with a username/password and authenticate him/her with that username/password without… >>> More
Two Google accounts in firefox for email/reader/openid

as seen on Super User - Search for 'Super User'
I usually checking my personal gmail account account at work, and I have another gmail account for work/professional purpose. Now I am starting to see more sites using OpenID. The problem I am facing is that I want to check my gmail from firefox, but I want to use my work google account to login… >>> More
RSS reader that supports multiple google accounts?

as seen on Super User - Search for 'Super User'
I've been looking around for an RSS reader that can handle more than 1 google account? I have multiple gmail addresses for different things in life. I separate mails this way and also RSS feeds. This works fine on google reader, but i would like to have a desktop app that can handle multiple accounts… >>> More

Developer IT