In an effort to help companies and businesses using Google Apps gain more confidence in cloud security, Google announced the availability of a new security option, two-step verification, which will increase security across the entire Apps platform if enabled. The optional functionality, as explained on the Official Google Enterprise Blog, makes users identify themselves using two pieces of information: something they know (a password), and something they own (a mobile device). Since many security administrators no longer feel that entering a password is good enough verification anymore, two-step verification sends an authentication code to your mobile phone after you enter your password. Only when you enter that code into the second step of the login process are you granted access to your account.
While this is by no means a foolproof method of security--and let’s face it, there is no such thing--this solution makes it much more likely that the user authenticating is the right one. It is also a low-cost, easy to implement solution, that uses already purchased assets (going on the assumption that account owners have a mobile device of some sort) to provide an otherwise expensive increase in security.
Perceiving a potential pitchfork-and-torch mutiny from the users who will have to take out their phones every time they login, the new security layer offers an option to trust a computer, giving the computer the ability to ask only once for step two, and then only for regular password authentication going forward.
11 Comments - Add comment