Robert N. Lee

Everybody says they want “secure,” they mostly just want “easy.”

I learned something when I started designing consumer set-top boxes that shouldn’t have surprised me, but it did anyway. I learned that I was going to have to design a new parental control system that no one was ever going to use. And everybody knew nobody was going to use it after buying one of our boxes, but I had to design a new one for the new boxes, anyway.

Because virtually nobody ever uses them, they’re a pain in the ass and keep parents from watching naughty movies when they feel like it more than they ever thwart any children. But people expect and demand them, anyway, so you have to build them for every consumer set-top box, or people not only won’t buy your box, they’ll mount shrieking wars o’ outrage in the media, online, etc., over OMG THE BLU-RAY PLAYER THAT LETS BABIES WATCH PORN. People will spend all day on the Internets, every day that week, arguing over that instead of working.

And then they will go home to their living rooms, where they have six boxes connected to their TVs, and parental controls disabled on every single one, and see no big glaring disconnect between their fervent beliefs and day to day actions.

And you not only have to design and build this feature nobody’s ever going to use, that feature is going to be proclaimed loudly on the front of the box, in all the ad copy, etc. Everyone demands it, no one will use it. It was, for a work thing, one of the most profound lessons I’ve ever learned in my life.

Anyway, this isn’t a big shock to me: Google changed things up a while ago, so you’re fully able to keep what you search for totally private, and pretty much nobody uses it. If you think SEO and the whole issue of gaming search results for marketing gains is morally or otherwise suspect, encrypted search terms have the capability to pretty much end that whole business. Seriously: if every person who gets all spooky online about how sinister SEO is used SSL encryption on their searches, it’d kill SEO.

But they won’t. I mean, duh, keyword-based ad buys are Google’s whole business, pretty much. About 2.8% of searches, and it probably won’t go much higher than that. Because…people talk a lot about safety and privacy, but they mostly just want things easy. Me, I don’t even care if my search terms are encrypted or not, but they are mostly, anyway, because I’m logged into my Google account pretty much all the time. But they’re not if I switch to another browser, for whatever reason, and search there.

The reason I’m not logged in to my Google account in those other browsers is it’s an unnecessary pain in the butt. It would be, anyway, since if I’m in IE or Firefox or Safari, it’s just to check a site I’m working on or something. But earlier this year, Google introduced another awesome thing everybody isn’t using, because…people say they want safety, but they really want easy: 2-step account verification.

I am the only person I know, and I’ve talked to about this, who uses 2-step verification. And I mean I’ve talked to a bunch of major geeks who have Android phones and use Gmail and Google Docs and Buzz and etc. all the time, and…nope. (I’m sure I know people who use it and we just haven’t had a conversation about it.) And that shit’s been out for almost a year, now.

So this is two-step verification: you get one login, one computer, one browser, and that’s your home base login, and you login into your Google account to use Gmail and YouTube and Reader and etc. like normal. Anyplace else you log in, another computer in the house, at work, at your mom’s house, from your phone, etc., requires another step: you have to get a temporary login number string that gets texted to your phone. So…no smart phone required, you don’t have to remember the number or anything, you just gotta type sixteen numbers in whenever you want to log in at the library. It takes about ten seconds, tops, looking at the phone, one-finger hunting and pecking.

Which also means anybody who somehow gets your password, even, also has to type in sixteen numbers to login at the library or their house or wherever, sixteen numbers they can’t get because they don’t have your phone. (If somebody has your Google password and your phone…I’m sorry about your sucky divorce. It gets better, I guess.)

That doesn’t seem like a big sacrifice to me, I have a lot of my life and work tied up in my Google account, as I know others do these days. So…on top of the standards – a password somebody’d have to brute force that you memorize and swap out every once in a while, etc. – if you’re as invested personally and professionally as I am in Google’s online offerings, you might want to take advantage of 2-step verification. You can find it in your account settings pretty easily, it’s worth the trip.

As opposed to encrypting your search terms, and who cares if nobody does that?

Oh, and BTW, you know how you keep your kids from watching stuff on your TV you don’t want them to? Don’t get in the habit of parking them in front of the TV alone, and follow through when you threaten to punish them for breaking house rules. Not that hard, really, no robot censors required.

Comments

  1. I was not aware of this feature, thanks. People do say they want security but I sometimes feel that it is something that they have said so many times without going further into the matter that it comes a point it is something you say or talk about. 

    I will be setting up this feature

  2. No problem, and…yeah, it’s really not that big a deal and makes your Google account really freaking secure, even if you’re the kind of person who makes his pet names his password. Long as you’re somebody who’s never far from his phone, anyway. 

Leave a Reply