Can I use Obi with Google Voice without giving my password?
CoalMinerRetired:
Quote from: Lavarock7 on October 20, 2012, 06:07:48 pm
For what it is worth, it is my understanding that Obi takes that password and encrypts it but the clear password does not get saved in the box or on their server.
Perhaps someone else can chime in with more info.
Quote from: geva on November 19, 2012, 09:20:14 am
One would hope that the password is encrypted as it is put into the database. That doesn't mean that it is safe however. All passwords like this that one system uses to connect to another need to be decryptable, meaning hackers can also decrypt them.
You shouldn't be surprised that OBi wanted your Google password. They cannot connect you to your GV and other services without out. Otherwise just anyone could type in your e-mail address and start taking your phone calls and using your GV line. That wouldn't work!
As was mentioned, a common best practice is just to create another Google account that is not related or connected to your main Google account. This not only separates things but also protects your main Google account much better.
Disclaimer: I only know what I've read on Obi's website and on here, but I do pay close attention to this topic.
Obi has a wizard (link) to setup Google Voice. I quoted what it says below. Note that this wizard is independent of the ObiTalk Portal, it writes configuration information directly to you device and the ObiTalk Portal is not involved. I've seen a similar statement somewhere about the ObiTalk Portal and how it handles passwords, at the moment I can't find those statements. In hindsight, I'm hoping the statements are the same for the local wizard and the portal.
Quote
Note about your Gmail username and password: This configuration utility is for easy placement your Gmail username and password information into the OBi device on a trusted network. Your Gmail password is not stored by Obihai or OBiTALK servers. Your Gmail username and password are used only by your OBi device to communicate with Google servers. Communication between the OBi device and Google servers is secured using HTTPS.
Felix:
First, I want to second what CoalMinerRetired said: as far as I understand, Obi doesn't store any provider passwords on their servers. If you set up your adapter through the portal, Obitalk server pushes the settings to the device, but doesn't keep the password. There is certainly no reason for them to keep it... it is your device that registers with the provider (Google or SIP), and Obitalk is not a participant in this transaction.
Now, I am not affiliated with Obihai, so I can't know for sure. It is possible that for some weird or malicious reason Obi captures the password as it pushes it to your device and then stores it in some way. If that is a concern, I would not use Obitalk Web portal at all and administer the device through device UI. There are many good arguments to do that way anyway (note, I prefer to administer through the portal - but I respect those arguments nevertheless). See the sticky in this forum for more info.
Separating gmail accounts should be done for different reasons (there may be problems if you are reading your gmail mail, and your obi is registered to google voice at the same time). And encrypting password as it travels from your browser to portal servers and from the portal to your device is really independent of your question.
KenShabby:
There's no need to create a separate Google account for your Obi device. Just create an "application-specific password" for your GV account and use that for your ObiTalk account:
https://support.google.com/mail/bin/answer.py?hl=en&answer=1173270
https://support.google.com/accounts/bin/answer.py?hl=en&answer=185833
infin8loop:
Quote from: KenShabby on December 03, 2012, 07:44:12 am
There's no need to create a separate Google account for your Obi device. Just create an "application-specific password" for your GV account and use that for your ObiTalk account:
https://support.google.com/mail/bin/answer.py?hl=en&answer=1173270
https://support.google.com/accounts/bin/answer.py?hl=en&answer=185833
Unfortunately an "application-specific password" doesn't protect your account the way you might think. It's simply a way around two factor authentication for those applications that cannot or choose not to prompt for a single-use code that's used in addition to your regular password that makes two factors of authentication. Anyone in possession of an "application-specific password" (in this case we're concerned with Obihai knowing it from your OBi configuration) can use that application-specifc password in any google application (or client) that accepts an application-specific password. The application you specify at the time you create the application-specific password is freeform text intended to remind you of what application you generated it for, the password is not locked to that application. This lets you revoke the application-specific password if the device (a phone for instance) is lost or stolen. I proved this to myself months ago by getting into my own Google email using an application-specific password that I had generated for my OBi110. Obviously I used a google email client that accepted an application-specific password. If Obihai (or anyone else) has your userid and application-specific password they could also use the same google email client or similar and access your email. I am not saying Obihai does this. I'm just saying the application-specific password doesn't seem to be a solution to the issue. Sorry.
twinclouds:
Not sure this problem has been solved but I had the same concern when I started configuring my new obi110 (yesterday!). Actually, you can configure it for GV without using the portal but through the webUI of the device. It took sometime to figure that out but I found it has already documented here: http://www.obitalk.com/forum/index.php?topic=4802.msg31210#msg31210.
It doesn't ObiHai is not safe, but if you really like do everything on you own, it worth taking a look.
Navigation
[0] Message Index
[#] Next page
[*] Previous page