Google Brings Two-Factor Security To Apps

Google has responded to business users’ fears about the security of cloud computing, by adding free two-factor verification to its Google Apps.

Until now, Google has provided password protection for user accounts on its Google Apps cloud-based application suite. Many organisations require higher security, and have added extra technology which provides a second factor, such as a token, alongside the password to verify a user’s identity.

Today, Google has announced a free “two-step authentication” scheme which makes a user’s mobile phone into a security check, so users have to know their password and have their phone to get in. After the user enters a password, a verification code is sent to the mobile phone via SMS or generated on an application for Android or BlackBerry phones, with iPhone support coming soon

Keeping your data safe

“This makes it much more likely that you’re the only one accessing your data,” said the Google announcement. “Even if someone has stolen your password, your account is still protected.”

The system will be easy to set up amd manage, says the Google release, and will not overly impede users’ access to their email. It is currently available for some editions of the paid-for versions of Google Apps, and will come to the Standard Edition in months to come.

The Google implementation is based on “an open standard” Google says, and the app will be open-sourced, which means it should be possible to integrate it with authentication technologies form other vendors in future, and user organisations will be able to customise the two-factor process.

Security in the cloud

Security has for a long time been a major concern for companies considering the cloud. Security breaches are often cited as reasons to avoid the cloud and many vendors have launched cloud security packages to reasure users.

Google has long argued that organisations’ data will actually be more secure if they embrace cloud computing, because remote access is a fact of life and will be implemented in less secure ways if companies try to avoid the cloud.

Google uses HTTPS, allows users to assess their password strength, and says that Google Apps was the first cloud messaging and collaboration service to gain US government security certification.

The two-step verification option is now available to administrators using Google Apps Premier, Education, and Government Editions, and can be activated from the Admin Control Panel now.

Questions to be answered about this include how this applies to mobile, where the mobile phone may be the same device as the one accessing the mail, and also whether this will be available to individual users of Google Mail and Google Docs

Peter Judge

Peter Judge has been involved with tech B2B publishing in the UK for many years, working at Ziff-Davis, ZDNet, IDG and Reed. His main interests are networking security, mobility and cloud

View Comments

  • Marcus Ranum, CSO of Tenable Network Security, says:

    "Two factor authentication is and always has been a crucial capability; what Google has done is wonderful because it isn't merely 'something you know + something you have' it's 'something you know + something you VALUE A LOT' - we've seen in the past that people are willing to give away an authentication credential in return for a chocolate bar, but most people are strongly acculturated to hang onto their phones. Even more importantly, a mobile phone is a high value item so a spammer would have to buy a new phone each time one of their accounts got shut down and the associated mobile phone got blacklisted. What that does is brings a high external cost into the equation. It's a very good move."

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago