On my drive home from work today I was very surprised–when listening to Security Now episode #326 Steve and Leo answered the question I submitted to the show! Let me backup a little and explain things. Security Now is a weekly podcast on the TWIT network that discusses hot topics from the past week on all things security related, as well as fundamentals of computers, the internet, and security. In addition to security news, they also touch on Sci-Fi books and a few health concerns—recently the all important Vitamin D3. I have promised myself to write a big blog post about Vitamin D3 at some point this winter. If you are not a listener, I strongly recommend you listen to an episode or two (At least listen to the Portable Dog Killer episode, it’s not what you think it is at all) .
Question Setup
I am a big fan of Lastpass Password storage system after learning about it on Security Now and hearing why it was safe to use (Episode 256). I am also using the Google Authenticator on my Android phone(Also available for all other major mobile phone OS) for a second form of authentication when logging into my Google account because of how much additional security it provides, especially as this account grows more important. The question I asked below was simplified slightly (Probably due to me not thinking things out fully to get the answer I wanted) but the results were good and answered about 80% of my question.
My question was as read by Leo
“Leo: No. Question 7, Jon in Lincoln, Nebraska – another cornfield flyover – worries about giving Google too many eggs: Steve and Leo, I love the podcast. I’m a long-time listener, LastPass and Vitamin D advocate. I have the entire family well educated and believing now. Yay. Over the weekend I saw that now LastPass – as we mentioned in the news – supports Google Authenticator. This is great news because I currently use the app on my Android phone to get into my Gmail account. I also know how much more secure two-factor authentication is, thanks to previous Security Now! episodes. But it makes me wonder if tying so many of my services to Google is a good idea or a potential security problem. What happens if Google were to go down for a few hours? Any thoughts or opinions on this would be appreciated. Am I putting too many eggs in Google’s basket?”
Watch the video on Youtube of Steve and Leo answering my question below. Start at 1:30:00 goo.gl/kaJD5
Or read the answer http://www.grc.com/sn/sn-326.htm (About 5/6 down the page)
After hearing this answer I am feel reassured about my concerns and I am very glad it is independent and closed loop. My biggest concern was if my Google account was suddenly compromised/deleted/suspended etc that I would be locked out of my Lastpass too, but since it is independent and I have a backup of codes generated I know I won’t lose my Lastpass. Just in case I always have my local Lastpass Pocket standalone as a measure of last resort (No cloud).