Google this morning has taken a step to shore up confidence in the security of its cloud computing products by introducing to them a two-factor authentication system.
And you can't beat the price: free.
Eran Feigenbaum, Google Apps director of security, writes this morning on the company's Enterprise Blog:
Two-step verification is easy to set up, manage and use. When enabled by an administrator, it requires two means of identification to sign in to a Google Apps account, something you know: a password, and something you have: a mobile phone. It doesn't require any special tokens or devices. After entering your password, a verification code is sent to your mobile phone via SMS, voice calls, or generated on an application you can install on your Android, BlackBerry or iPhone device. This makes it much more likely that you're the only one accessing your data: even if someone has stolen your password, they'll need more than that to access your account. You can also indicate when you're using a computer you trust and don't want to be asked for a verification code from that machine in the future.
The security measure the feature will first be available to users of Google Apps Premiere, Education, and Government. Other Google Apps users will see it "in the months ahead."
Eliminating the complexities and expense of such security systems was a key, says Google.
"Making this service available to millions of users at no cost took a great deal of coordination across Google's specialized infrastructure, from building a scalable SMS and voice call system to developing open source mobile applications for your smart phone," said Travis McCoy, a product manager for Google Apps. "The result is a feature we hope you'll find simple to manage and that makes it easy to better protect your account."
Jason Kincaid at TechCrunch believes the move by Google will be well received:
The news will also make Google Apps an even more tempting proposition for security-conscious businesses (Google notes that prior to this release, it was also the first company to receive FISMA certification in the collaboration/document sharing space). To make this more appealing to businesses, Google is also open-sourcing its authentication apps, so businesses can create their own custom-branded versions.
More details on the FISMA certification are available here.
Two-factor authentication systems are by no means fool-proof, as German authorities learned last year when thieves used man-in-the-middle attacks to circumvent a widely used version there and access numerous bank accounts.
Welcome regulars and passersby. Here are a few more recent Buzzblog items. And, if you'd like to receive Buzzblog via e-mail newsletter, here's where to sign up.