Google has responded to business users’ fears about the security of cloud computing, by adding free two-factor verification to its Google Apps.
Until now, Google has provided password protection for user accounts on its Google Apps cloud-based application suite. Many organisations require higher security, and have added extra technology which provides a second factor, such as a token, alongside the password to verify a user’s identity.
Today, Google has announced a free “two-step authentication” scheme which makes a user’s mobile phone into a security check, so users have to know their password and have their phone to get in. After the user enters a password, a verification code is sent to the mobile phone via SMS or generated on an application for Android or BlackBerry phones, with iPhone support coming soon
The system will be easy to set up amd manage, says the Google release, and will not overly impede users’ access to their email. It is currently available for some editions of the paid-for versions of Google Apps, and will come to the Standard Edition in months to come.
The Google implementation is based on “an open standard” Google says, and the app will be open-sourced, which means it should be possible to integrate it with authentication technologies form other vendors in future, and user organisations will be able to customise the two-factor process.
Security has for a long time been a major concern for companies considering the cloud. Security breaches are often cited as reasons to avoid the cloud and many vendors have launched cloud security packages to reasure users.
Google has long argued that organisations’ data will actually be more secure if they embrace cloud computing, because remote access is a fact of life and will be implemented in less secure ways if companies try to avoid the cloud.
Google uses HTTPS, allows users to assess their password strength, and says that Google Apps was the first cloud messaging and collaboration service to gain US government security certification.
The two-step verification option is now available to administrators using Google Apps Premier, Education, and Government Editions, and can be activated from the Admin Control Panel now.
Questions to be answered about this include how this applies to mobile, where the mobile phone may be the same device as the one accessing the mail, and also whether this will be available to individual users of Google Mail and Google Docs
American space agency prepares for testing of Boeing's Starliner, to ensure it has two space…
As UK and Europe develop closer military ties, European Commission says it will invest €1.3…
Zuckerberg seeks to revive Facebook's original spirit, as Meta launches Facebook Friends tab, so users…
Notable development for Meta, after appeal against 2021 WhatsApp privacy fine is backed by advisor…
First sign of shake-up under new CEO Lip-Bu Tan? Three Intel board members confirm they…
Trump's nominee for SEC Chairman, Paul Atkins, has pledged a “rational, coherent, and principled approach”…
View Comments
Marcus Ranum, CSO of Tenable Network Security, says:
"Two factor authentication is and always has been a crucial capability; what Google has done is wonderful because it isn't merely 'something you know + something you have' it's 'something you know + something you VALUE A LOT' - we've seen in the past that people are willing to give away an authentication credential in return for a chocolate bar, but most people are strongly acculturated to hang onto their phones. Even more importantly, a mobile phone is a high value item so a spammer would have to buy a new phone each time one of their accounts got shut down and the associated mobile phone got blacklisted. What that does is brings a high external cost into the equation. It's a very good move."