Securing Apps With Two Step Authentication
I am a paranoid person - not at a level that is unhealthy, but I am paranoid. In fact, as soon as Google came out with two step verification (commonly known as two-factor authentication - I set it up with my Google Apps account.
It gives me the added peace of mind that it makes it much harder for someone to hack into my Google Account and take over my email address, and the hundreds of other things I do under my Google Account.
In the past year or so, we've been switching our systems to authenticate off of our Google Accounts. But this past week, we locked down many of our applications and web backends to require two-factor authentication.
Some systems we've set up to always require a token entry before gaining access to it. Some systems we have htaccess and Google login and token requirements. Some systems just have Google login. Some systems have both but let you set a 30-day cookie for the browser to remember not to ask for the token (that is how Google works for most security).
I strongly recommend you set up two step authentication within your Google account and for any application where you conduct business. It is simply not worth risking it.
Now, I wish my banks had that over making me change my password every 30 days or so.