Your online deadbolt: Google opens 2-step verification to all users

Your online deadbolt: Google opens 2-step verification to all users

Summary: Google account holders will soon be seeing an invitation to opt-in to a 2-step verification sign-on feature being offered by the company, a online deadbolt that makes it harder for someone to hack into your account.The feature, which has been available for Apps customers and is now being offered to all account holders, adds a second step of entering a code that is sent to the user's mobile phone - either by phone call, SMS text or a smartphone app.

SHARE:

Google account holders will soon be seeing an invitation to opt-in to a 2-step verification sign-on feature being offered by the company, a online deadbolt that makes it harder for someone to hack into your account.

The feature, which has been available for Apps customers and is now being offered to all account holders, adds a second step of entering a code that is sent to the user's mobile phone - either by phone call, SMS text or a smartphone app. By doing so, Google is increasing the likelihood that the account holder is the person who is trying to sign-in to the account.

There's a whole process that users have to go through to enable the feature, which is a good thing. The feature won't be activated on accounts, by default. Users have to go in and take care of that. Likewise, users will have to think about their scenarios and what makes sense - such as allowing sign-ins from a specific computer to use the same code for 30 days. And you'll need to come up with a backup phone number and backup code in case the primary phone is lost or damaged.

Remember: we're not just talking about e-mail here. Those accounts include Google Docs, Calendar, Picasa, Blogger and a number of other properties

Google has faced a fair share of critics who have questioned the company's attitude about privacy. This is Google's way of spinning it back on users to make a commitment of their own.

Sure, it's a minor inconvenience to have to verify your log-in attempt with a mobile phone code. But so is using a second key to unlock the deadbolt on your front door. But imagine the opportunity you're giving to a bad guy just because you weren't willing to invest a few extra seconds.

The feature will be unlocked in the account settings.

Topics: Google, Data Management, Mobility, Storage, Telcos

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

20 comments
Log in or register to join the discussion
  • Just another Google scam to steal more personal information

    Google needs a deadbolt because... you know... your Google Docs (aka a poor man's notepad) and calendar is soooo important. Oh yeah, I'm going to give them my mobile info.
    iPad-awan
    • RE: Your online deadbolt: Google opens 2-step verification to all users

      @iPad-awan obviously you haven't been hacked and had malware and pharmaspam sent to everyone on you contacts list.

      Unfortunately this doesn't fix the vulnerability of malicious websites (ever type in a wrong URL?) being able to access your google account if you have it open.

      But it is a step in the right direction, and is opt-in. I honestly wish more companies would adopt 2-stop logins.
      keitha73-23430377852780425463534611145075
    • RE: Your online deadbolt: Google opens 2-step verification to all users

      @iPad-awan You can easily turn it off by going to the Using 2-step verification new window page under your Google Account settings. Sign in with your username, password, and verification code if prompted. Then just click Turn off 2-step verification. <a style="text-decoration: none; color: #333333;" href="http://www.the-toronto-realestate.com/">Toronto homes</a>
      starksdev305
  • RE: Your online deadbolt: Google opens 2-step verification to all users

    It's not just a few extra seconds. Some of us (particularly in Canada) have to pay high rates for every cell phone text message we receive.

    Rather than this, they ought to have separate sign-ons for each application. Single-sign-on is just another name for single-point-of-failure, and I avoid it. This means I don't use Google or Facebook much.
    rgcustomer@...
    • RE: Your online deadbolt: Google opens 2-step verification to all users

      @rgcustomer@... if you don't want a 2-step login, don't opt-in. Duh.
      keitha73-23430377852780425463534611145075
      • RE: Your online deadbolt: Google opens 2-step verification to all users

        @keitha73 "don't opt-in" and he won't of course. Duh.
        kdjkdj@...
    • RE: Your online deadbolt: Google opens 2-step verification to all users

      @rgcustomer@... <br>As long as you are located within Canada's borders, Fido customers never pay anything to receive a text message, no matter whether they're on contract or prepaid, and no matter whether or not they subscribe to a text messaging add-on for outgoing texts.<br><br>Same goes for Koodoo Mobile. And Virgin Mobile Canada.<br><br>If you subscribe to these networks' parent companies (Bell, Telus, and Rogers) then you do have to pay for incoming texts -- unless you already happen to place outgoing texts on a fairly regular basis, in which case you really ought to have subscribed to an outgoing text messaging plan -- and all outgoing text messaging plans, of any denomination, from the Big Three, all include unlimited incoming texts.<br><br>If you anticipate travelling internationally, then receiving text messages can become pricey if you don't keep then in check.
      lfmorrison
    • RE: Your online deadbolt: Google opens 2-step verification to all users

      @rgcustomer@...
      <a href="http://cupu.web.id/deal-special-dari-kriskros-com/">Deal Special dari KrisKros.com</a>
      <a href="http://www.seo.corsva.com/">Deal Special dari KrisKros.com</a>
      <a href="http://www.seoweblog.net/deal-special-dari-kriskros-com/">Deal Special dari KrisKros.com</a>
      upinson
  • RE: Your online deadbolt: Google opens 2-step verification to all users

    Hi @rgcustomer,

    In case the text message costs are high in Canada, you could consider using the Voice call option, or use a smart phone application (Google Authenticator) for Android, BlackBerry, or the iPhone.
    NishitShah
  • Another ass-first approach to security.

    Google just handed malicious users the keys to accounts - 99% of people will not go through the process of doing this to lock up their accounts, meaning that when/if their accounts DO get hacked, malicious users can now lock people out of their own accounts by hooking up a phone/phones of their own as second line of "defense".

    Way to go google.
    Alan Burns
    • RE: Your online deadbolt: Google opens 2-step verification to all users

      @Alan Burns First, that would be the fault of the user.

      Second, google already has account security options that tie to your phone, preventing your password from being changed without phone authorization. People just need to take the time to set it up.

      This is just an addition to the "login" system. Its a good thing....really it is.
      keitha73-23430377852780425463534611145075
      • RE: Your online deadbolt: Google opens 2-step verification to all users

        @keitha73 so now to be a *SAFE* 21st century computer user, you have to have a mobile phone? Did the government make this part of the healthcare act?
        ray.case@...
  • RE: Your online deadbolt: Google opens 2-step verification to all users

    @Alan Burns
    I agree that most people will not take advantage of this added security. Having said that, I've had this with my bank for some time and like that it's there. I'll use it.
    bein' easy
    • RE: Your online deadbolt: Google opens 2-step verification to all users

      @bein' easy
      Sad but probably correct. Look at how many people actually keep the OS updated... probably easily apply the same % here.
      ItsTheBottomLine
  • Works great

    I've been beta testing this feature for a while and love it. Setting up all your devices and applications that use Google signin is initially a pain; however, once you reach a stable state, it can be a huge piece-of-mind.... especially for heavy google users with multiple computers/devices.
    trophygeek
  • RE: Your online deadbolt: Google opens 2-step verification to all users

    Someone should tell Google that mobile phones are not particularly secure themselves.

    If Google is going to add a 2-step security process, they should at least make the 2nd step something that is more secure than the first step.
    Allstar_z
  • A type of two-factor authentication ...

    As with any type of information security you have assess your risk. Do you have something of value that others may want and is the cost of a control more then the potential loss? And I'd say if you have a big email address list then the information you have is very valuable to others (the bad guys). The cost to you is the time to go with google's new two-factor authentication. The three forms used for identification are: "something you know" - a pin or password; "something you have" - a card or key fob; and "something you are" - fingerprint, palm geometry, retinal pattern. With this Google requires you to "know" your password and "have" your phone. Like the banks that require you to "know" your pin and "have" your ATM card.
    www.maseconsulting.com
    photogo
  • I'd settle for Certificate Based access..

    Using My public / private keys, not one generated for me by the vendor. The "password" process is kept local, just to decrypt the Private Key, so never leaves the local device.

    You need the "Password or phrase", you know, plus the "Private Key", you have.

    SMS is both unreliable (sometimes just does not get delivered or is not delivered in a timely manner) as well as being a bucket brigade where the messages are stored in intermediate systems. Why is that safer than Email? Do we trust carriers' staff more than ISPs'?
    david.hunt@...
  • this is stil unavailable for my account :(

    I just tried to activate this and Google told me it's "coming soon" :/
    JT82
  • Why not use a system that already works?

    My bank...like many banks...uses a 2-step process that is MUCH faster, and I will bet, just as secure.
    An opening screen asks for my username. Once entered, I click to logon. A photo I selected in the security set-up process pops up. If it is the photo I selected, I am able to enter my password. Ten seconds have passed and I am all set!
    sk8mandon