Google Apps admins gain two-step security powers

Google Apps admins gain two-step security powers

Summary: Google Apps got a security bump on Tuesday, with Google making it possible for administrators to force the use of two-factor authentication.The feature, which Google calls '2-step verification' in its implementation, adds a phone-derived code to the credentials a user needs to log into their Google account.

SHARE:
TOPICS: Telcos
1

Google Apps got a security bump on Tuesday, with Google making it possible for administrators to force the use of two-factor authentication.

The feature, which Google calls '2-step verification' in its implementation, adds a phone-derived code to the credentials a user needs to log into their Google account. It was introduced in 2010 for Apps users and subsequently extended to the general public, but until now it has remained optional for all users.

That changed on Tuesday, according to a blog post by Google Apps product manager Rishi Dhand.

"Starting today, domain administrators can require the users in their domain to use 2-step verification," Dhand wrote. "This new feature will help Google Apps customers accelerate their deployment of 2-step verification."

Dhand pointed out that two-factor authentication "greatly reduced the chance of unauthorised access via account hijacking or other means".

"Even if someone has stolen your password, they'll need more than that to access your account," he explained.

Dhand also announced new capabilities for Apps customers that use Microsoft Active Directory (AD). "Businesses can manage password policies (e.g. password strength, reset intervals, etc.) using AD and then synchronise from AD to Google Apps when passwords are changed. Passwords are transmitted hashed and encrypted during synchronisation," he wrote.

Topic: Telcos

David Meyer

About David Meyer

David Meyer is a freelance technology journalist. He fell into journalism when he realised his musical career wouldn't pay the bills. David's main focus is on communications, as well as internet technologies, regulation and mobile devices.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

1 comment
Log in or register to join the discussion
  • I am a strong supporter of 2FA and only feel secure if I telesign into my accounts. This gives me the confidence that my account won't get hijacked and my credit card information isn't up for grabs.
    anonymous