Two months ago I decided Google's 2-step verification was an incomplete mess unsuitable for use by non-geeks.
Today I decided it's the spawn of Satan.
This is what happens if you refresh an iPhone running Authenticator - either a new phone or restore from backup
- Restore iPhone from backup
- Authenticator settings gone
- Per directions to account page for 2-step verification settings.
- Discover, despite 30 day authorization, my computer wants authenticator token today.
- Fortunately, I have my old phone. That works.
- Realize that there's no support for authenticating a new phone. Ok, I'll just turn off the iPhone ...
- Get the QR code. That works ... but
- All the friggin' application specific passwords are gone -- all revoked.
Do you know how friggin' long it takes to enter all those application specific passwords across multiple machines and operating systems?! Can I scream now?!
Friends don't let friends use 2-step verification.
Update: A few minutes later and, for now. I see my (not) application-specific passwords and they still seem to work. So only almost the spawn of Satan. Google needs a workflow to support migrating from one iPhone to another.
- Gordon's Tech: Implementing Google's two factor authentication - early days
- Gordon's Tech: The massive security hole in Google two factor authentication - problems
- Gordon's Tech: Making the most of Google's alternative "2-step" verification model - more problems
- Gordon's Tech: Google Chrome sync does not work with 2-step verification - still more problems