Google Apps adds two-step authentication

Summary: The company has introduced two-stage authentication for business users of Google Apps, in which a verification code is sent to a mobile device

Google has introduced two-factor authentication for business users of Google Apps, aimed at making the sign-in process more secure.

Under the system, announced on Monday, a user signs into Gmail and other Google Apps using a password, then verifies the log-in by inputting a code sent to the user's mobile phone.

"Until today, organisations looking to secure their information beyond a password have faced costs and complexities that prevented many of them from using stronger security technologies," said Google Apps director of security Eran Feigenbaum in a blog post. "Today we are changing that with the introduction of a more secure sign-in capability for Google Apps accounts that significantly increases the security of the cloud — two-step verification."

At present, the authentication is available only to companies that subscribe to Google Apps for Business, which costs £33 per user, per year. Customers of the Google Apps cloud service will be able to use two-factor authentication for free. Google Apps Standard Edition users will be able to use the service "in the coming months", according to Feigenbaum.

The service can be switched on for a company's users by an administrator. Once people enter their password, the verification code is sent to their phone as an SMS text or a voice call, or is generated by an application that can be installed on an Android, BlackBerry or iPhone device, Feigenbaum said.

"Google recognising that passwords are a big risk is a huge step forward," said authentication security expert Jason Hart, who is a senior vice president at two-factor authentication company Cryptocard. "It's a simple matter to get someone's username and password using social engineering or man-in-the-middle attacks."

Hart added the caveat that Google's plan to send a verification code to a mobile device would not be completely successful in areas with patchy mobile coverage, such as rural parts of the UK.

Before Monday, companies were limited to incorporating third-party two-factor authentication into Google Apps. For example, a 2008 article on HowtoForge gave details of how to implement open-source two-factor authentication software in Google Apps.

Topics: Security

About

Tom is a technology reporter for ZDNet.com, writing about all manner of security and open-source issues. Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books. Tom eventually found tha...
