Skip Links

Google Apps ups security with two-factor authentication

Company announces additional security for cloud computing offering

By Paul McNamara on Mon, 09/20/10 - 6:24am.

two-factorGoogle this morning has taken a step to shore up confidence in the security of its cloud computing products by introducing to them a two-factor authentication system.

And you can't beat the price: free.

Eran Feigenbaum, Google Apps director of security, writes this morning on the company's Enterprise Blog:

Two-step verification is easy to set up, manage and use. When enabled by an administrator, it requires two means of identification to sign in to a Google Apps account, something you know: a password, and something you have: a mobile phone. It doesn't require any special tokens or devices. After entering your password, a verification code is sent to your mobile phone via SMS, voice calls, or generated on an application you can install on your Android, BlackBerry or iPhone device. This makes it much more likely that you're the only one accessing your data: even if someone has stolen your password, they'll need more than that to access your account. You can also indicate when you're using a computer you trust and don't want to be asked for a verification code from that machine in the future.

The security measure the feature will first be available to users of Google Apps Premiere, Education, and Government. Other Google Apps users will see it "in the months ahead."

Eliminating the complexities and expense of such security systems was a key, says Google.

"Making this service available to millions of users at no cost took a great deal of coordination across Google's specialized infrastructure, from building a scalable SMS and voice call system to developing open source mobile applications for your smart phone," said Travis McCoy, a product manager for Google Apps. "The result is a feature we hope you'll find simple to manage and that makes it easy to better protect your account."

Jason Kincaid at TechCrunch believes the move by Google will be well received:

The news will also make Google Apps an even more tempting proposition for security-conscious businesses (Google notes that prior to this release, it was also the first company to receive FISMA certification in the collaboration/document sharing space). To make this more appealing to businesses, Google is also open-sourcing its authentication apps, so businesses can create their own custom-branded versions.

More details on the FISMA certification are available here.

Two-factor authentication systems are by no means fool-proof, as German authorities learned last year when thieves used man-in-the-middle attacks to circumvent a widely used version there and access numerous bank accounts.

Welcome regulars and passersby. Here are a few more recent Buzzblog items. And, if you'd like to receive Buzzblog via e-mail newsletter, here's where to sign up.

Linus Torvalds is now an American citizen.

An example of why cell phones do not belong in public bathrooms.

Rackspace pulls plug on Koran-burning church's Web site.

Kindle owner on her continuing love of 'real' books.

Google and Verizon put the final nail in hyperbole.

'Hope all is well' can be annoying as ... well, it can be annoying.

Pizza lovers suffer information theft from Hell.

Playboy's new site is safe for work? ... Not.

Queen of distracted driving gives new law the middle toe.

California considers digital ads on license plates.