Google Password
Chris:
Hello. I was set on buying Ooma when I saw Obi on Amazon. I was happy to learn that Obi has a great forum and customer support. I'm trying to learn about it before I take the plunge.
I'm a little bit paranoid about security and I even set-up my Google accounts for 2-step verification. I know I can create an application-specific password for Obi but I'm not sure how much access this will give someone to my Google accounts.
My questions are:
1. Should I be concered about giving another pary access to my Google accounts? I know Obi is probably trustworth. But still...
2. Should I just create a separate Gmail/Google Voice account just for Obi? What are the disadvantages of creating a separate account?
Thanks for your help!
infin8loop:
Hi Chris,
I am paranoid about security also. I had a Google account that I opened a few years ago to take advantage of a Google Checkout offer of a $10 rebate. I needed a printer cartridge and that's the only thing I'd ever bought on it. The first thing I did was go in and remove the linked credit card in Google checkout. Then I setup up Google 2-step verification and generated an application password for my Obi110/GoogleVoice. I didn't have a Gmail account either, so I setup one up one and signed up for GoogleVoice. The Google documentation that I've seen didn't really go into a lot of detail about what the application password allows and doesn't allow. The application password cannot be used to login to Google through the regular front door (html web pages). I haven't looked at the Google API, so gawd (and probably a lot of 12 year old hackers) only knows what it exposes you too (if anything). For now, not having a credit card linked works for me since I'm not making any international long distance calls on GV that cost money. If I do re-link a credit card it will be a "virtual credit card number" that only Google should be able to use. Many credit card companies offer these virtual numbers (Discover, CitiBank). If and when Google decides to change GoogleVoice to a paid model then I suspect we'll all need to have a payment method linked to our Google accounts in order to pay for the service. I'm not porting my AT&T landline (using the port to cell phone method first) to GoogleVoice until I see what the service is going to actually cost in the future. When I bought my Obi110 a few months ago, I hoped that I'd be able to get rid of one of the two AT&T landlines I have by now. But due to lack of spousal acceptance, I still have both of them and an Obi110 that just makes my life complete. One day soon I hope to pull the trigger and just port the landline number to voip.ms and be done with one AT&T landline. I'm sure that will go as well as at least two space shuttle missions that come to mind. The Pop Tart heat shields will likely fall off the Obi and it will burn up in re-entry. So, I think the biggest risk on a Google account is the attached payment method. Unless you are in the habit of emailing nekkid pictures like some congressmen and athletes. I see no particularly good reason to have two Google accounts for security reasons. I'm open to be convinced otherwise.
Chris:
infin8loop, thanks for your comments. I wish I could find more information about what someone can do with a Google application specific password.
My main concern about someone gaining access to my Gmail is many banks and financial institutions let you change your password by e-mailing you a new password. And many banks use your e-mail as your username. So if someone had your username and then use your e-mail access to change your password, then they can potentially have access to your bank accounts.
infin8loop:
Chris,
I'd be surprised (shocked actually) if a financial institution would allow a password reset by just sending an email to the client with a password reset link, temporary password, code-number, or some such without also prompting for some additional personal information that should be known only to the client (other than the password the client can't remember) to further authenticate the client.
You know those pesky personal security questions like:
1. The name of your first boyfriend or girlfriend or sheep friend?
2. Where did you lose your virginity? Where did you find it?
3. The name of your First Grade teacher that made you wish you had a car and were old enough to date her?
pc44:
Quote from: Chris on August 19, 2011, 09:13:05 am
1. Should I be concered about giving another pary access to my Google accounts? I know Obi is probably trustworth. But still...
To my knowledge, if you configure your Obi100 or Obi110 *directly*, Obihai has no access to it. I'm talking about not using Obihai's online portal and also disabling auto-provisioning.
Could someone please deny/confirm this?
Thanks,
pc44
Navigation
[0] Message Index
[#] Next page