I love your service. I love it so much, I put most of my trusted data in your hands. On your servers. I now have access to my data everywhere. But I’ll never be the only one having access to my data if you don’t change something.
About 18 months ago, Google introduced two-factor authentication. It’s a sort of extra step after filling in your password, where you get a code sent to you via text message or in an authorized app, and after filling that in correctly as well, you get access to whatever you want access on Google’s services. I’m positive you know what this is.
I know about difficult passwords. Hard-to-crack passwords. Good passwords. But passwords aren’t enough anymore. If I log in to your service on one of my friend’s computers, chances are they have something installed that tracks the passwords their computer logs-in to, saving your password as well. In fact, Safari 6 has that feature built-in.
You can’t trust anyone enough when your data is involved. Just that second extra step brings an insane amount of security. Just with that extra step, I feel ensured that no-one:
can remote wipe my iPhone/iPad/Mac, purchase goods from your Apple Store/App Stores, delete all my emails/contacts/calendars/Music in the Cloud, view/edit/delete my iCloud documents, etc.;
can view and delete all my Evernote notes, files, receipts, personal data, possibly resulting in identity-theft;
can view, edit and delete all my Dropbox files.
This all gets a factor of 10 worse when the hacker also changes passwords.
I would like to ask you to consider implementing two-step authentication. I would also like to ask if you could bring out a statement that you are either:
We — the users — care about safety. And we hope you do, too.
Thanks so much for listening.