I stumbled upon Google 2-step Verification for the first time today and I was immediately tempted to use it. For me, Google is pretty much a digital copy of my life. I'm not particularly nervous that Google knows almost everything about me because I'm not all that memorable (maybe AdSense will one day change that ;)) but nonetheless my life is important to me and if it were to fall into the wrong hands it could spell the end of my / the world.
Essentially Google 2-step Verification puts in another layer of security in addition to what you know: what you have. The principle is simple: when you authenticate with what you know (your password) it will also prompt you to give another bit of code from what you have (your phone). This can be done either through SMS, voice message, or a random generator if you have the right handset.
There are a whole bunch of complexities when using Google 2-step Verification, including having to authorise certain applications again and relying quite heavily on your phone to be able to do simple things but I've decided to try it out for a month or two and see if I can cope with the added layers of security. I'll report back soon, either because it's become virtually impossible to cope with it or because I love it. If you don't hear back from me it will probably mean it changed my life without me knowing about it (which is almost as good as me loving it).
I've set it up on my BlackBerry to generate authentication codes and have my wife as a backup. When I travel back to New York I'll also have access to once-off codes just in case my BlackBerry fails me.
Until later, then...