Hi,
I posted this at Google 2 step verification and auto-login on tablets? - Google Mobile Help but haven't heard anything. I am wondering if anyone else has noticed this or if someone could explain to me why there is no reason for concern on this. Here's what I asked:
I have a Samsung Galaxy Tab 10.1. Because I use Google 2 step verification, I had to generate a 16 character password to use the Gmail app on the tablet, just as I do with my Android phone.
It seems that this is enough to allow the "automatic sign-in is available" popup to come up in the stock browser.
This all seems convenient but....
My understanding of the app specific 16 character passwords is that they are slightly less secure than using the two-step verification, but that it's an acceptable limitation because with most of those apps, you can't change your password using any of them. To change your password, you have to actually login to a web browser and enter the code on your password generator app.
Well, after I go forward with automatic sign-in on the stock browser on my tablet, I seem to be able to get to the screen where I can change my account password.
Am I misunderstanding anything here or is this a bit of a security hole?
If I'm wrong, please explain the flaw in my understanding.
Thanks,
Steve
I posted this at Google 2 step verification and auto-login on tablets? - Google Mobile Help but haven't heard anything. I am wondering if anyone else has noticed this or if someone could explain to me why there is no reason for concern on this. Here's what I asked:
I have a Samsung Galaxy Tab 10.1. Because I use Google 2 step verification, I had to generate a 16 character password to use the Gmail app on the tablet, just as I do with my Android phone.
It seems that this is enough to allow the "automatic sign-in is available" popup to come up in the stock browser.
This all seems convenient but....
My understanding of the app specific 16 character passwords is that they are slightly less secure than using the two-step verification, but that it's an acceptable limitation because with most of those apps, you can't change your password using any of them. To change your password, you have to actually login to a web browser and enter the code on your password generator app.
Well, after I go forward with automatic sign-in on the stock browser on my tablet, I seem to be able to get to the screen where I can change my account password.
Am I misunderstanding anything here or is this a bit of a security hole?
If I'm wrong, please explain the flaw in my understanding.
Thanks,
Steve
Facebook
Twitter
Instagram