Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

But what if your phone gets stolen?

Google 2 factor authentication needs 3 things: your Google username, your password, and the token number generated by the authentication application. Stealing your phone gets one of those things.

Or, what if my iCloud gets hacked and my iPhone is remotely erased, can I still access my Gmail and Facebook enough to remove my phone from them?

You get 10 single-use codes to print out for this situation. You can revoke these code and generate new ones whenever and as often as you like.

Your concerns were all similar to what I had. Another was that I have programs that need programatic access to my Google account and I don't want to rewrite them to use 2-factor authentication. That is solved by generating a revokable application specific password.

I found that turning it on and trying it out answered a lot of concerns I had.



> Stealing your phone gets one of those things.

2 of those things, if you have an android and they're smart enough to go to Settings > Accounts

And they can get your password if you have your browser remember it.

So, potentially, losing your android could mean losing your account.


You can't access your account settings without retyping your password. I think that password entry is excluded from browser auto entry.

In any case, there is a fairly easy solution here: don't let your phone web browser remember your Google account password.


Not if you have turned on screen lock and encryption.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: