Google recently announced it’s rolling out a two-step verification process
for accessing your Google accounts — Gmail, Google Apps, Google Docs,
among others. So, for example, not only would someone need to know your
password, they’d need to also have to have your mobile phone to receive
the randomly generated PIN code Google sends when you try to log into
your account from a new Web browser.
I’ll definitely be turning on two-step verification when it becomes
available for my account. I’m reminded, though, that I used to reuse the
same set of passwords for multiple sites and services online. I knew
better, but it was impossible to keep track of the dozens that would be
required if I had a different one for every site and service.
I had a system, with different levels of passwords for different
types of sites. I never reused my bank password, I used highly secure
passwords for sites with private data and I used lower-security
passwords for general sites that don’t store private data. It wasn’t a
bad system, but if one site was compromised and my ID and password were
stolen, the hacker could gain access to other sites.