Google Apps admins gain two-step security powers

Google Apps got a security bump on Tuesday, with Google making it possible for administrators to force the use of two-factor authentication.

The feature, which Google calls '2-step verification' in its implementation, adds a phone-derived code to the credentials a user needs to log into their Google account. It was introduced in 2010 for Apps users and subsequently extended to the general public, but until now it has remained optional for all users.

That changed on Tuesday, according to a blog post by Google Apps product manager Rishi Dhand.

"Starting today, domain administrators can require the users in their domain to use 2-step verification," Dhand wrote. "This new feature will help Google Apps customers accelerate their deployment of 2-step verification."

Dhand pointed out that two-factor authentication "greatly reduced the chance of unauthorised access via account hijacking or other means".

"Even if someone has stolen your password, they'll need more than that to access your account," he explained.

Dhand also announced new capabilities for Apps customers that use Microsoft Active Directory (AD). "Businesses can manage password policies (e.g. password strength, reset intervals, etc.) using AD and then synchronise from AD to Google Apps when passwords are changed. Passwords are transmitted hashed and encrypted during synchronisation," he wrote.