Delete comment from: The official Google Code blog
Archie Cobbs said...
Here is what is missing: augment the google account login process with an (optional, if you want) required one-time password using the RFC 4223 (OATH) standard.
Why? Because if I'm going to leverage my google account login to login to a bunch of other web sites, then it's important to me to apply an extra layer of security that you get with two-factor authentication.
There are software versions of OATH tokens for smart phones like the iPhone, so no hardware token would be required.
Jul 31, 2009, 11:27:16 AM