Google tackles password weaknesses with two-step sign-on

Google is making it much harder for critics to question the security of its cloud-based products. Today, the company is announcing a new two-step log-in process that aims to strengthen the password security model by adding a dynamic layer.

The extra layer comes in the form of a numeric code that a user types in after entering the standard password into a Google account. That code, however, is a code that changes, unique to a single sign-on.

The code comes to the user by way of SMS, an automated phone call or a smartphone app and users have the flexibility to identify a regular computer, bypassing the need for a numeric code for subsequent visits.

In a blog post, Google points out that passwords are often the weakest link in a security chain. The company wrote:

Entering this code, in addition to a normal password, gives us a strong indication that the person signing in is actually you. This new feature significantly improves the security of your Google Account, as it requires not only something you know: your username and password, but also something that only you should have: your phone. Even if someone has stolen your password, they'll need more than that to access your account.

The service is free and will be rolled out first to Google Apps accounts. Eventually, the service will be added to all Google accounts.