Google Introduces Two-step Verification for Google Apps Accounts
Usernames and passwords are the standard method of protection employed by all online services out there. If the user wants to access his email account for example, he needs only provide the correct username and password - once he does that, he has access to his inbox. If the user wants to access his social networking account for example, he also has to provide the correct username and password.
The problem with passwords is that some users do not choose a properly strong one, reuse the same password over and over again, or give away their password to phishing sites. When that happens, the user’s account is compromised.
“Unfortunately, we often find that passwords are the weakest link in the security chain. Keeping track of many passwords is a pain, and unfortunately accounts are regularly compromised when passwords are too weak, are reused across websites, or when people are tricked into sharing their password with someone untrustworthy,” commented Product Manager on the Google Security Team, Travis McCoy.
To provide security that goes beyond the traditional username and password, Google has developed an option to add two-step verification to Google Apps accounts. For now the two-step verification has been released to small and large organizations; Google explained that two-step verification will be rolled out to individual Google users in the coming months.
Director of Security for Google Apps, Eran Feigenbaum, said that two-step verification is easy to set up, manage and use. Here’s his explanation on how two-step verification works:
“When enabled by an administrator, it requires two means of identification to sign in to a Google Apps account, something you know: a password, and something you have: a mobile phone. It doesn’t require any special tokens or devices. After entering your password, a verification code is sent to your mobile phone via SMS, voice calls, or generated on an application you can install on your Android, BlackBerry or iPhone device. This makes it much more likely that you’re the only one accessing your data: even if someone has stolen your password, they'll need more than that to access your account. You can also indicate when you're using a computer you trust and don't want to be asked for a verification code from that machine in the future.”
Basically, when you want to sign into your Google Apps account, you will have to enter your username and password, as well as a verification code that Google sends to your phone or can be generated using an application.
Two-step verification can be enabled right now by administrators of Google Apps Premier, Education, and Government Editions. Admins can enable the feature from the English version of the Admin Control Panel. Google Apps Standard Edition customers will be able to enable two-step verification in the coming months.
Here's what the user will see when two-step verification is enabled.
The problem with passwords is that some users do not choose a properly strong one, reuse the same password over and over again, or give away their password to phishing sites. When that happens, the user’s account is compromised.
“Unfortunately, we often find that passwords are the weakest link in the security chain. Keeping track of many passwords is a pain, and unfortunately accounts are regularly compromised when passwords are too weak, are reused across websites, or when people are tricked into sharing their password with someone untrustworthy,” commented Product Manager on the Google Security Team, Travis McCoy.
To provide security that goes beyond the traditional username and password, Google has developed an option to add two-step verification to Google Apps accounts. For now the two-step verification has been released to small and large organizations; Google explained that two-step verification will be rolled out to individual Google users in the coming months.
Director of Security for Google Apps, Eran Feigenbaum, said that two-step verification is easy to set up, manage and use. Here’s his explanation on how two-step verification works:
“When enabled by an administrator, it requires two means of identification to sign in to a Google Apps account, something you know: a password, and something you have: a mobile phone. It doesn’t require any special tokens or devices. After entering your password, a verification code is sent to your mobile phone via SMS, voice calls, or generated on an application you can install on your Android, BlackBerry or iPhone device. This makes it much more likely that you’re the only one accessing your data: even if someone has stolen your password, they'll need more than that to access your account. You can also indicate when you're using a computer you trust and don't want to be asked for a verification code from that machine in the future.”
Basically, when you want to sign into your Google Apps account, you will have to enter your username and password, as well as a verification code that Google sends to your phone or can be generated using an application.
Two-step verification can be enabled right now by administrators of Google Apps Premier, Education, and Government Editions. Admins can enable the feature from the English version of the Admin Control Panel. Google Apps Standard Edition customers will be able to enable two-step verification in the coming months.
Here's what the user will see when two-step verification is enabled.
