Feeds

Google Apps tap mobiles for beefier log-in security

Cell phone as security token

Boost IT visibility and business value

Google is tapping user cell phones to provide an extra level of sign-in security for Google Apps, its suite of online business applications.

On Monday, the company announced that it's now offering what it calls two-step verification. When the new tool is turned on and you log in to your Google Apps account, it requires not only a password but a separate verification code pulled from your mobile phone. "This makes it much more likely that you’re the only one accessing your data," the company said in a blog post. "Even if someone has stolen your password, they'll need more than that to access your account."

The verification code is sent to your mobile phone via SMS, voice call, or an application that's available for Android handsets, BlackBerries, and iPhones. The service is available today for free on the Premier, Education, and Government editions of Google Apps, and users of the free Standard edition will have access "in the months ahead."

Administrators must activate the tool from the Admin Control Panel, and individual users can then set it up via the Accounts tab on their Gmail settings page. If you like, you can turn the service off for certain "trusted computers" (i.e. your work desktop) but leave it on whenever your account is accessed from other machines. "You can...indicate when you're using a computer you trust and don't want to be asked for a verification code from that machine in the future," the company said.

Google also plans to roll the service out across individual Google accounts (i.e. regular accounts for non-Google Apps users) in the coming months.

In an effort to encourage other outfits to adopt similar services, Google has based its two verification on the Initiative for Open Authentication (OATH) standard (not to be confused with OAuth), and it has open sourced its verification code mobile application – Google Authenticator – so that others can customize it as they see fit. ®

Boost IT visibility and business value

More from The Register

next story
The Return of BSOD: Does ANYONE trust Microsoft patches?
Sysadmins, you're either fighting fires or seen as incompetents now
Munich considers dumping Linux for ... GULP ... Windows!
Give a penguinista a hug, the Outlook's not good for open source's poster child
Intel's Raspberry Pi rival Galileo can now run Windows
Behold the Internet of Things. Wintel Things
Linux Foundation says many Linux admins and engineers are certifiable
Floats exam program to help IT employers lock up talent
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
Eat up Martha! Microsoft slings handwriting recog into OneNote on Android
Freehand input on non-Windows kit for the first time
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.