Google 2 step verification security flaw on tablets

draftpeppin

Well-known member
Aug 22, 2010
81
6
0
Visit site
Hi,

I posted this at Google 2 step verification and auto-login on tablets? - Google Mobile Help but haven't heard anything. I am wondering if anyone else has noticed this or if someone could explain to me why there is no reason for concern on this. Here's what I asked:

I have a Samsung Galaxy Tab 10.1. Because I use Google 2 step verification, I had to generate a 16 character password to use the Gmail app on the tablet, just as I do with my Android phone.

It seems that this is enough to allow the "automatic sign-in is available" popup to come up in the stock browser.

This all seems convenient but....

My understanding of the app specific 16 character passwords is that they are slightly less secure than using the two-step verification, but that it's an acceptable limitation because with most of those apps, you can't change your password using any of them. To change your password, you have to actually login to a web browser and enter the code on your password generator app.

Well, after I go forward with automatic sign-in on the stock browser on my tablet, I seem to be able to get to the screen where I can change my account password.

Am I misunderstanding anything here or is this a bit of a security hole?

If I'm wrong, please explain the flaw in my understanding.

Thanks,

Steve
 

Trending Posts

Forum statistics

Threads
942,930
Messages
6,916,546
Members
3,158,745
Latest member
Carybaker