2 Factor Authentication – How I panicked today

I have been using the two factor authentication for Google for quite some time and have never had any issues. I have it turned on for both my personal Google account as well as for my Wellesley account. On the latter one, it is of limited use because of our own use of single sign on. I experienced a real panic this morning that was an eye opener for me.

All began with me getting excited about a Chrome extension called Spaces for Chrome. Since I am a big user of spaces on Mac OS, I got all excited about using this. I typically have 20-25 tabs open in my Chrome browser and I hate restarting it. Since this Chrome extension seemed to address grouping of the tabs as well as CPU/Memory savings, I thought I would try it out. I installed and happily reorganized my tabs based on some themes. Then I noticed that the Calendar extension had a red X on it. It said I needed to reauthenticate. So I did. Since I have set up two factor authentication, I was sent a code and everything seemed OK. But then, the red X came back. Disclaimer: I have no proof that it is this Chrome extension that caused the problem. It is just an assumption!

I went to look at Chrome settings and it had an authentication failure. I reauthenticated, got the code on my cell phone and everything was fine again. Except…

While trying to figure this out, I closed and restarted Chrome and tried a few things out such as disconnecting my account. I must have done this 15 times or so, every single time, correctly typing my two factor code that was sent to the cell phone. I was getting really frustrated, so I removed Spaces. Except, it never got synchronized with the server where Chrome keeps my settings. So, whenever I reauthenticated, it came back. I said, I am going to disable two factor until I figure this out!

As luck would have it, Google said, it was unable to send the verification code to my cell phone and to try again later! I was connected alright and I had unlimited text. Then I found out that excessive use of this disables Google from sending the code to the same phone number. Guess what, even if you are successful, it does not matter! Great security, but a pain.

I said, OK, let me ask Google to send the code to the backup phone number, which is my wife’s cell. It said it sent, but my wife never received it. She is traveling overseas, but that does not matter. My SMS messages have been reaching her fine. Now, I was getting really desperate. I tried to see if my tablet and phone will allow me to get to the page where I can disable two factor. No luck. I needed to reauthenticate and it was telling me that it is unable to send the code to my cell!

I was getting panicky. Then it occurred to me that there was one more thing I could do. Two factor authentication allows you to use some codes. In order to be safe, I always saved them on my Mac and not on Google Drive (like I always do). Hmmm. It was dated 2012. Oh well, let me try. I tried a couple and failed. I said, perhaps I used a few of these already, so let me start from the last. That worked!

Moral of the story: 2 FA is a fabulous security mechanism to protect your account. However, you better set up enough backups for that one day when things go wrong like what I just described.

I have switched to using Google Authenticator on my cell phone as the primary 2 FA method. It is cool. You need to set it up for your account first. Then it autogenerates a code that is valid for a short period of time and you enter it. I have also set up both my cell phone, my wife’s and also my home phone number. For my home phone number, I have set it up to give me the code as voice. Then, I created new backup codes and saved them. I am determined to strike out codes that I use.
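To make the last two points concrete, here is an added example (not part of the original post and not Google's code) of the standard TOTP algorithm from RFC 6238 that authenticator apps implement, alongside a single-use backup code list. The code is computed locally from a shared secret and the clock, so no SMS delivery is involved. The secret is the RFC test secret, and the backup codes and the `BackupCodes` class are constructed for illustration.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 one-time password for one counter value (HMAC-SHA1)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: the counter is the number of `step`-second periods since epoch."""
    return hotp(secret, int(now // step), digits)

def verify_totp(secret: bytes, code: str, now: float,
                step: int = 30, window: int = 1) -> bool:
    """Accept the current period plus `window` periods either side (clock drift)."""
    current = int(now // step)
    return any(
        hmac.compare_digest(hotp(secret, current + d).encode(), code.encode())
        for d in range(-window, window + 1) if current + d >= 0
    )

class BackupCodes:
    """Single-use recovery codes: a code is struck out once it is accepted."""
    def __init__(self, codes):
        self._unused = set(codes)

    def redeem(self, code: str) -> bool:
        if code in self._unused:
            self._unused.remove(code)  # a used code can never work again
            return True
        return False

    def remaining(self) -> int:
        return len(self._unused)

SECRET = b"12345678901234567890"  # RFC 6238 test secret, not a real account key

if __name__ == "__main__":
    code = totp(SECRET, 59)
    print("code at t=59:", code)
    print("valid at t=89:", verify_totp(SECRET, code, 89))
    print("valid at t=149:", verify_totp(SECRET, code, 149))
    backups = BackupCodes(["11112222", "33334444"])  # constructed sample codes
    print(backups.redeem("11112222"), backups.redeem("11112222"), backups.remaining())
```

A code entered a minute or more after it was generated is rejected, and a backup code that has already been redeemed fails in the same way as the old codes described above.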
