Google has responded to business users’ fears about the security of cloud computing, by adding free two-factor verification to its Google Apps.
Until now, Google has provided password protection for user accounts on its Google Apps cloud-based application suite. Many organisations require higher security, and have added extra technology which provides a second factor, such as a token, alongside the password to verify a user’s identity.
Today, Google has announced a free “two-step authentication” scheme which makes a user’s mobile phone into a security check, so users have to know their password and have their phone to get in. After the user enters a password, a verification code is sent to the mobile phone via SMS or generated on an application for Android or BlackBerry phones, with iPhone support coming soon
The system will be easy to set up amd manage, says the Google release, and will not overly impede users’ access to their email. It is currently available for some editions of the paid-for versions of Google Apps, and will come to the Standard Edition in months to come.
The Google implementation is based on “an open standard” Google says, and the app will be open-sourced, which means it should be possible to integrate it with authentication technologies form other vendors in future, and user organisations will be able to customise the two-factor process.
Security has for a long time been a major concern for companies considering the cloud. Security breaches are often cited as reasons to avoid the cloud and many vendors have launched cloud security packages to reasure users.
Google has long argued that organisations’ data will actually be more secure if they embrace cloud computing, because remote access is a fact of life and will be implemented in less secure ways if companies try to avoid the cloud.
Google uses HTTPS, allows users to assess their password strength, and says that Google Apps was the first cloud messaging and collaboration service to gain US government security certification.
The two-step verification option is now available to administrators using Google Apps Premier, Education, and Government Editions, and can be activated from the Admin Control Panel now.
Questions to be answered about this include how this applies to mobile, where the mobile phone may be the same device as the one accessing the mail, and also whether this will be available to individual users of Google Mail and Google Docs
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…
View Comments
Marcus Ranum, CSO of Tenable Network Security, says:
"Two factor authentication is and always has been a crucial capability; what Google has done is wonderful because it isn't merely 'something you know + something you have' it's 'something you know + something you VALUE A LOT' - we've seen in the past that people are willing to give away an authentication credential in return for a chocolate bar, but most people are strongly acculturated to hang onto their phones. Even more importantly, a mobile phone is a high value item so a spammer would have to buy a new phone each time one of their accounts got shut down and the associated mobile phone got blacklisted. What that does is brings a high external cost into the equation. It's a very good move."