FYI: 2 factor authentication doesn't work with Chrome OS
637 views
Skip to first unread message
Caleb Eggensperger
Feb 11, 2011, 11:55:46 AM2/11/11
to Chromium OS discuss
For anyone considering Google's new 2 factor authentication feature: I
chatted with a Ninja about it, and she said that it doesn't work with
Chrome OS on the Cr-48. You can log in, but the sync will break until
you completely reset the device (and turn off 2 factor auth).
chatted with a Ninja about it, and she said that it doesn't work with
Chrome OS on the Cr-48. You can log in, but the sync will break until
you completely reset the device (and turn off 2 factor auth).
Hopefully this will be fixed soon.
http://googleblog.blogspot.com/2011/02/advanced-sign-in-security-for-your.html
--
Caleb Eggensperger
www.calebegg.com
Jay Lee
Feb 11, 2011, 12:07:03 PM2/11/11
to Chromium OS discuss
Yes, I'd filed a bug on this back in December when I got my Cr-48:
Jay
the short of it is that the ClientLogin API that Chrome OS currently uses for login doesn't support 2SV. ClientLogin is nearly deprecated by Google (they strongly discourage it's use) and soChrome OS will eventually use what Google calls Gaia login. Gaia is what your using when you login via Web browser to Gmail.com and such. Essentially the plan is to make even the Chrome OS login window use Chrome browser for login. Doing this would have the side effect of supporting 2SV. Chris Masone posts here regularly so he have more details as to the current status of this but it may be awhile...
Jay
Benjamin Grogg
Feb 11, 2011, 3:39:32 PM2/11/11
to Chromium OS discuss
Hi,
On Feb 11, 5:55 pm, Caleb Eggensperger <caleb...@gmail.com> wrote:
> For anyone considering Google's new 2 factor authentication feature: I
> chatted with a Ninja about it, and she said that it doesn't work with
> Chrome OS on the Cr-48. You can log in, but the sync will break until
> you completely reset the device (and turn off 2 factor auth).
Maybe i misunderstood you, but what I did is Application-specific
password for ChomiumOS. The sync works smoothly.
http://www.google.com/support/accounts/bin/static.py?page=guide.cs&guide=1056283&topic=1056286
Hope that helps,
Benjamin
On Feb 11, 5:55 pm, Caleb Eggensperger <caleb...@gmail.com> wrote:
> For anyone considering Google's new 2 factor authentication feature: I
> chatted with a Ninja about it, and she said that it doesn't work with
> Chrome OS on the Cr-48. You can log in, but the sync will break until
> you completely reset the device (and turn off 2 factor auth).
password for ChomiumOS. The sync works smoothly.
http://www.google.com/support/accounts/bin/static.py?page=guide.cs&guide=1056283&topic=1056286
Hope that helps,
Benjamin
Todd Vierling
Feb 11, 2011, 4:07:41 PM2/11/11
to benjami...@gmail.com, Chromium OS discuss
Thanks Benjamin. I don't have the option to turn on 2-step auth yet,
so this will help when the option appears.
To users: if you do this, make sure you _always_ login to Chrome OS
with the application-specific password, and _not_ your normal Google
Account password. That password is used to encrypt your on-device
settings and files, as well as authenticate browser sync.
Caleb Eggensperger
Feb 11, 2011, 5:52:33 PM2/11/11
to t...@duh.org, benjami...@gmail.com, Chromium OS discuss
Entering a generated application specific password every time I log
into my notebook is a non-solution. It invalidates the entire point of
2 step auth.
into my notebook is a non-solution. It invalidates the entire point of
2 step auth.
> --
> Chromium OS discuss mailing list: chromium-...@chromium.org
> View archives, change email options, or unsubscribe:
> http://groups.google.com/a/chromium.org/group/chromium-os-discuss?hl=en
>
--
Caleb Eggensperger
www.calebegg.com
Todd Vierling
Feb 11, 2011, 6:01:30 PM2/11/11
to Caleb Eggensperger, benjami...@gmail.com, Chromium OS discuss
On Fri, Feb 11, 2011 at 5:52 PM, Caleb Eggensperger <cale...@gmail.com> wrote:
> Entering a generated application specific password every time I log
> into my notebook is a non-solution. It invalidates the entire point of
> 2 step auth.
> Entering a generated application specific password every time I log
> into my notebook is a non-solution. It invalidates the entire point of
> 2 step auth.
This may be true, but the real fix isn't a short time away. Given that
2-step auth is being rolled out to everybody, this eventually does
have to work, so it will get fixed.
Chris Masone
Feb 11, 2011, 6:02:54 PM2/11/11
to cale...@gmail.com, t...@duh.org, benjami...@gmail.com, Chromium OS discuss
That's not the right thing to do. I know there have been some bugs in it, but there's definitely a flow in dev channel that's supposed to allow you to log in with your normal password, and then go to the sync setup UI and enter an app-specific password once.
I dunno if that made it back to beta channel, but there are a bunch of bugs filed/fixed about this.
Caleb Eggensperger
Feb 11, 2011, 6:35:17 PM2/11/11
to Chris Masone, Chromium OS discuss
Could you direct me/the list to those bugs? I looked for some before I
started this thread, but couldn't find any with variations on:
started this thread, but couldn't find any with variations on:
I'd like to know if those changes made it into the dev version I'm
running before I turn on 2 factor auth.
While I'm thinking about it, how do I find out if I'm on the latest
version? Sometimes "check for updates" doesn't work (if the update is
being rolled out maybe?) even though some sources indicate an update.
A page like omahaproxy.appspot.com would be nice. (That hasn't updated
for cros since December)
--
Caleb Eggensperger
www.calebegg.com
Caleb Eggensperger
Feb 17, 2011, 9:52:37 PM2/17/11
to Chromium OS discuss
An update: I tried it today (first day I've had access to the feature) and it is fixed on the dev build (0.10.156.30). It tells you there's a sync error, you go to settings to fix it, log in with your _regular_ password, then it asks for an application specific password. Everything's been going smoothly otherwise.
Caleb Eggensperger
www.calebegg.com
Will
Feb 17, 2011, 10:11:58 PM2/17/11
to Chromium OS discuss
Would you recommend giving it a try or waiting till its ironed out
further?
On Feb 17, 9:52 pm, Caleb Eggensperger <caleb...@gmail.com> wrote:
> An update: I tried it today (first day I've had access to the feature) and
> it is fixed on the dev build (0.10.156.30). It tells you there's a sync
> error, you go to settings to fix it, log in with your _regular_ password,
> then it asks for an application specific password. Everything's been going
> smoothly otherwise.
>
further?
On Feb 17, 9:52 pm, Caleb Eggensperger <caleb...@gmail.com> wrote:
> An update: I tried it today (first day I've had access to the feature) and
> it is fixed on the dev build (0.10.156.30). It tells you there's a sync
> error, you go to settings to fix it, log in with your _regular_ password,
> then it asks for an application specific password. Everything's been going
> smoothly otherwise.
>
> On Fri, Feb 11, 2011 at 17:35, Caleb Eggensperger <caleb...@gmail.com>wrote:
>
>
>
>
>
>
>
>
>
> > Could you direct me/the list to those bugs? I looked for some before I
> > started this thread, but couldn't find any with variations on:
>
> >http://code.google.com/p/chromium-os/issues/list?can=1&q=2+step+authe...
>
>
>
>
>
>
>
>
>
> > Could you direct me/the list to those bugs? I looked for some before I
> > started this thread, but couldn't find any with variations on:
>
>
> > I'd like to know if those changes made it into the dev version I'm
> > running before I turn on 2 factor auth.
>
> > While I'm thinking about it, how do I find out if I'm on the latest
> > version? Sometimes "check for updates" doesn't work (if the update is
> > being rolled out maybe?) even though some sources indicate an update.
> > A page like omahaproxy.appspot.com would be nice. (That hasn't updated
> > for cros since December)
>
> > I'd like to know if those changes made it into the dev version I'm
> > running before I turn on 2 factor auth.
>
> > While I'm thinking about it, how do I find out if I'm on the latest
> > version? Sometimes "check for updates" doesn't work (if the update is
> > being rolled out maybe?) even though some sources indicate an update.
> > A page like omahaproxy.appspot.com would be nice. (That hasn't updated
> > for cros since December)
>
> > On Fri, Feb 11, 2011 at 17:02, Chris Masone <cmas...@chromium.org> wrote:
> > > That's not the right thing to do. I know there have been some bugs in
> > it,
> > > but there's definitely a flow in dev channel that's supposed to allow you
> > to
> > > log in with your normal password, and then go to the sync setup UI and
> > enter
> > > an app-specific password once.
> > > I dunno if that made it back to beta channel, but there are a bunch of
> > bugs
> > > filed/fixed about this.
>
> > > On Fri, Feb 11, 2011 at 2:52 PM, Caleb Eggensperger <caleb...@gmail.com>
> > > That's not the right thing to do. I know there have been some bugs in
> > it,
> > > but there's definitely a flow in dev channel that's supposed to allow you
> > to
> > > log in with your normal password, and then go to the sync setup UI and
> > enter
> > > an app-specific password once.
> > > I dunno if that made it back to beta channel, but there are a bunch of
> > bugs
> > > filed/fixed about this.
>
> > > wrote:
>
> > >> Entering a generated application specific password every time I log
> > >> into my notebook is a non-solution. It invalidates the entire point of
> > >> 2 step auth.
>
> > >> On Fri, Feb 11, 2011 at 15:07, Todd Vierling <t...@duh.org> wrote:
> > >> > On Fri, Feb 11, 2011 at 3:39 PM, Benjamin Grogg
> > >> > <benjamin.gr...@gmail.com> wrote:
> > >> >> On Feb 11, 5:55 pm, Caleb Eggensperger <caleb...@gmail.com> wrote:
> > >> >>> For anyone considering Google's new 2 factor authentication feature:
> > I
> > >> >>> chatted with a Ninja about it, and she said that it doesn't work
> > with
> > >> >>> Chrome OS on the Cr-48. You can log in, but the sync will break
> > until
> > >> >>> you completely reset the device (and turn off 2 factor auth).
>
> > >> >> Maybe i misunderstood you, but what I did is Application-specific
> > >> >> password for ChomiumOS. The sync works smoothly.
>
> >http://www.google.com/support/accounts/bin/static.py?page=guide.cs&gu...
>
> > >> Entering a generated application specific password every time I log
> > >> into my notebook is a non-solution. It invalidates the entire point of
> > >> 2 step auth.
>
> > >> On Fri, Feb 11, 2011 at 15:07, Todd Vierling <t...@duh.org> wrote:
> > >> > On Fri, Feb 11, 2011 at 3:39 PM, Benjamin Grogg
> > >> > <benjamin.gr...@gmail.com> wrote:
> > >> >> On Feb 11, 5:55 pm, Caleb Eggensperger <caleb...@gmail.com> wrote:
> > >> >>> For anyone considering Google's new 2 factor authentication feature:
> > I
> > >> >>> chatted with a Ninja about it, and she said that it doesn't work
> > with
> > >> >>> Chrome OS on the Cr-48. You can log in, but the sync will break
> > until
> > >> >>> you completely reset the device (and turn off 2 factor auth).
>
> > >> >> Maybe i misunderstood you, but what I did is Application-specific
> > >> >> password for ChomiumOS. The sync works smoothly.
>
>
> > >> > Thanks Benjamin. I don't have the option to turn on 2-step auth yet,
> > >> > so this will help when the option appears.
>
> > >> > To users: if you do this, make sure you _always_ login to Chrome OS
> > >> > with the application-specific password, and _not_ your normal Google
> > >> > Account password. That password is used to encrypt your on-device
> > >> > settings and files, as well as authenticate browser sync.
>
> > >> > --
> > >> > Chromium OS discuss mailing list: chromium-os-disc...@chromium.org
> > >> > Thanks Benjamin. I don't have the option to turn on 2-step auth yet,
> > >> > so this will help when the option appears.
>
> > >> > To users: if you do this, make sure you _always_ login to Chrome OS
> > >> > with the application-specific password, and _not_ your normal Google
> > >> > Account password. That password is used to encrypt your on-device
> > >> > settings and files, as well as authenticate browser sync.
>
> > >> > --
> > >> > View archives, change email options, or unsubscribe:
>
> >http://groups.google.com/a/chromium.org/group/chromium-os-discuss?hl=en
>
> > >> --
> > >> Caleb Eggensperger
> > >>www.calebegg.com
>
> > >> --
> > >> Chromium OS discuss mailing list: chromium-os-disc...@chromium.org
>
> >http://groups.google.com/a/chromium.org/group/chromium-os-discuss?hl=en
>
> > >> --
> > >> Caleb Eggensperger
> > >>www.calebegg.com
>
> > >> --
Caleb Eggensperger
Feb 17, 2011, 11:47:03 PM2/17/11
to wgree...@gmail.com, Chromium OS discuss
As long as you're on that version, I think you'll be fine.
--
Caleb Eggensperger
www.calebegg.com
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-os-discuss?hl=en
--
Caleb Eggensperger
www.calebegg.com
Cyrus Bufkin
Feb 18, 2011, 10:13:05 AM2/18/11
to Chromium OS discuss
You know, i just set up two step auth last night and i did not have to
set up an application specific password for chrome sync. I already had
sync set up, and i just checked it under settings and it says it
synced seventeen minutes ago. maybe they fixed this issue entirely?
On Feb 17, 9:52 pm, Caleb Eggensperger <caleb...@gmail.com> wrote:
> An update: I tried it today (first day I've had access to the feature) and
> it is fixed on the dev build (0.10.156.30). It tells you there's a sync
> error, you go to settings to fix it, log in with your _regular_ password,
> then it asks for an application specific password. Everything's been going
> smoothly otherwise.
>
set up an application specific password for chrome sync. I already had
sync set up, and i just checked it under settings and it says it
synced seventeen minutes ago. maybe they fixed this issue entirely?
On Feb 17, 9:52 pm, Caleb Eggensperger <caleb...@gmail.com> wrote:
> An update: I tried it today (first day I've had access to the feature) and
> it is fixed on the dev build (0.10.156.30). It tells you there's a sync
> error, you go to settings to fix it, log in with your _regular_ password,
> then it asks for an application specific password. Everything's been going
> smoothly otherwise.
>
> On Fri, Feb 11, 2011 at 17:35, Caleb Eggensperger <caleb...@gmail.com>wrote:
>
>
>
>
>
>
>
>
>
> > Could you direct me/the list to those bugs? I looked for some before I
> > started this thread, but couldn't find any with variations on:
>
> >http://code.google.com/p/chromium-os/issues/list?can=1&q=2+step+authe...
>
>
>
>
>
>
>
>
>
> > Could you direct me/the list to those bugs? I looked for some before I
> > started this thread, but couldn't find any with variations on:
>
>
> > I'd like to know if those changes made it into the dev version I'm
> > running before I turn on 2 factor auth.
>
> > While I'm thinking about it, how do I find out if I'm on the latest
> > version? Sometimes "check for updates" doesn't work (if the update is
> > being rolled out maybe?) even though some sources indicate an update.
> > A page like omahaproxy.appspot.com would be nice. (That hasn't updated
> > for cros since December)
>
> > I'd like to know if those changes made it into the dev version I'm
> > running before I turn on 2 factor auth.
>
> > While I'm thinking about it, how do I find out if I'm on the latest
> > version? Sometimes "check for updates" doesn't work (if the update is
> > being rolled out maybe?) even though some sources indicate an update.
> > A page like omahaproxy.appspot.com would be nice. (That hasn't updated
> > for cros since December)
>
> > On Fri, Feb 11, 2011 at 17:02, Chris Masone <cmas...@chromium.org> wrote:
> > > That's not the right thing to do. I know there have been some bugs in
> > it,
> > > but there's definitely a flow in dev channel that's supposed to allow you
> > to
> > > log in with your normal password, and then go to the sync setup UI and
> > enter
> > > an app-specific password once.
> > > I dunno if that made it back to beta channel, but there are a bunch of
> > bugs
> > > filed/fixed about this.
>
> > > On Fri, Feb 11, 2011 at 2:52 PM, Caleb Eggensperger <caleb...@gmail.com>
> > > That's not the right thing to do. I know there have been some bugs in
> > it,
> > > but there's definitely a flow in dev channel that's supposed to allow you
> > to
> > > log in with your normal password, and then go to the sync setup UI and
> > enter
> > > an app-specific password once.
> > > I dunno if that made it back to beta channel, but there are a bunch of
> > bugs
> > > filed/fixed about this.
>
> > > wrote:
>
> > >> Entering a generated application specific password every time I log
> > >> into my notebook is a non-solution. It invalidates the entire point of
> > >> 2 step auth.
>
> > >> On Fri, Feb 11, 2011 at 15:07, Todd Vierling <t...@duh.org> wrote:
> > >> > On Fri, Feb 11, 2011 at 3:39 PM, Benjamin Grogg
> > >> > <benjamin.gr...@gmail.com> wrote:
> > >> >> On Feb 11, 5:55 pm, Caleb Eggensperger <caleb...@gmail.com> wrote:
> > >> >>> For anyone considering Google's new 2 factor authentication feature:
> > I
> > >> >>> chatted with a Ninja about it, and she said that it doesn't work
> > with
> > >> >>> Chrome OS on the Cr-48. You can log in, but the sync will break
> > until
> > >> >>> you completely reset the device (and turn off 2 factor auth).
>
> > >> >> Maybe i misunderstood you, but what I did is Application-specific
> > >> >> password for ChomiumOS. The sync works smoothly.
>
> >http://www.google.com/support/accounts/bin/static.py?page=guide.cs&gu...
>
> > >> Entering a generated application specific password every time I log
> > >> into my notebook is a non-solution. It invalidates the entire point of
> > >> 2 step auth.
>
> > >> On Fri, Feb 11, 2011 at 15:07, Todd Vierling <t...@duh.org> wrote:
> > >> > On Fri, Feb 11, 2011 at 3:39 PM, Benjamin Grogg
> > >> > <benjamin.gr...@gmail.com> wrote:
> > >> >> On Feb 11, 5:55 pm, Caleb Eggensperger <caleb...@gmail.com> wrote:
> > >> >>> For anyone considering Google's new 2 factor authentication feature:
> > I
> > >> >>> chatted with a Ninja about it, and she said that it doesn't work
> > with
> > >> >>> Chrome OS on the Cr-48. You can log in, but the sync will break
> > until
> > >> >>> you completely reset the device (and turn off 2 factor auth).
>
> > >> >> Maybe i misunderstood you, but what I did is Application-specific
> > >> >> password for ChomiumOS. The sync works smoothly.
>
>
> > >> > Thanks Benjamin. I don't have the option to turn on 2-step auth yet,
> > >> > so this will help when the option appears.
>
> > >> > To users: if you do this, make sure you _always_ login to Chrome OS
> > >> > with the application-specific password, and _not_ your normal Google
> > >> > Account password. That password is used to encrypt your on-device
> > >> > settings and files, as well as authenticate browser sync.
>
> > >> > --
> > >> > Chromium OS discuss mailing list: chromium-os-disc...@chromium.org
> > >> > Thanks Benjamin. I don't have the option to turn on 2-step auth yet,
> > >> > so this will help when the option appears.
>
> > >> > To users: if you do this, make sure you _always_ login to Chrome OS
> > >> > with the application-specific password, and _not_ your normal Google
> > >> > Account password. That password is used to encrypt your on-device
> > >> > settings and files, as well as authenticate browser sync.
>
> > >> > --
> > >> > View archives, change email options, or unsubscribe:
>
> >http://groups.google.com/a/chromium.org/group/chromium-os-discuss?hl=en
>
> > >> --
> > >> Caleb Eggensperger
> > >>www.calebegg.com
>
> > >> --
> > >> Chromium OS discuss mailing list: chromium-os-disc...@chromium.org
>
> >http://groups.google.com/a/chromium.org/group/chromium-os-discuss?hl=en
>
> > >> --
> > >> Caleb Eggensperger
> > >>www.calebegg.com
>
> > >> --
Cyrus Bufkin
Feb 18, 2011, 10:14:29 AM2/18/11
to Chromium OS discuss
Probably relivent: i was using a separate password for sync
beforehand.
beforehand.
Caleb Eggensperger
Feb 18, 2011, 10:38:06 AM2/18/11
to thevi...@gmail.com, Chromium OS discuss
What do you mean a separate password?
--
Caleb Eggensperger
www.calebegg.com
Chromium OS discuss mailing list: chromium-...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-os-discuss?hl=en
--
Caleb Eggensperger
www.calebegg.com
SamuraiLink3
Feb 18, 2011, 10:53:56 AM2/18/11
to Chromium OS discuss
I've been using two-factor authentication for 2 days now with my CR48
and it works fine. I log into the system with my standard Google
Account password. When I initially set up sync, I logged in with my
Google Account password, then it asked for my device-specific password
(where I entered the generated One Time Password). Sync works without
an issue and I am able to log into the system using my Google Account.
The only issue I can see is that ChromeOS no longer gives me a pre-
logged-in session cookie when I log into the CR48, I have to sign into
my Google Account (then two-factor, unless I choose to remember the
computer). I can imagine that this has to do with the added security.
and it works fine. I log into the system with my standard Google
Account password. When I initially set up sync, I logged in with my
Google Account password, then it asked for my device-specific password
(where I entered the generated One Time Password). Sync works without
an issue and I am able to log into the system using my Google Account.
The only issue I can see is that ChromeOS no longer gives me a pre-
logged-in session cookie when I log into the CR48, I have to sign into
my Google Account (then two-factor, unless I choose to remember the
computer). I can imagine that this has to do with the added security.
Todd Vierling
Feb 18, 2011, 11:27:33 AM2/18/11
to cale...@gmail.com, thevi...@gmail.com, Chromium OS discuss
On Fri, Feb 18, 2011 at 10:38 AM, Caleb Eggensperger <cale...@gmail.com> wrote:
> What do you mean a separate password?
> What do you mean a separate password?
In 0.10 (current Dev channel), it's possible to set a custom
encryption password for sync data (see the new "Encryption" subtab in
the sync settings).
SamuraiLink3
Feb 18, 2011, 2:01:37 PM2/18/11
to Chromium OS discuss
Just did another test, ignore my comment on not getting proper session
cookies. Single sign-on works brilliantly.
cookies. Single sign-on works brilliantly.
Matt Richards
Feb 18, 2011, 2:16:37 PM2/18/11
to Chromium OS discuss
I still lack this feature on my account; I see the link to enable it but when I go to set it up, it says coming soon :(
--
--Matt
Chromium OS discuss mailing list: chromium-...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-os-discuss?hl=en
--
--Matt
Reply all
Reply to author
Forward
0 new messages