{"id":4306,"date":"2010-09-21T10:16:12","date_gmt":"2010-09-21T08:16:12","guid":{"rendered":"http:\/\/tokao.com\/?p=4306"},"modified":"2010-09-21T10:16:12","modified_gmt":"2010-09-21T08:16:12","slug":"google-is-making-your-account-vastly-more-secure-with-two-step-authentication","status":"publish","type":"post","link":"https:\/\/tokao.com\/wordpress\/2010\/09\/21\/google-is-making-your-account-vastly-more-secure-with-two-step-authentication\/","title":{"rendered":"Google Is Making Your Account Vastly More Secure With Two-Step Authentication"},"content":{"rendered":"

\"\"
\n\u201cTwo-factor authentication\u201d may be the least sexy-sounding feature I\u2019ve ever written about. But if you\u2019ve ever worried about being phished or having your password hacked, it could be your best friend \u2014\u00a0because it makes it much, much harder for a hacker to break into your account. Today, Google is announcing that it\u2019s bringing the security feature to its millions of users: the feature will be rolling out first for Google Apps Premiere, Education, and Government edition customers, with plans to bring it to\u00a0all<\/em> Google users (even those who aren\u2019t using its Apps suite) in the next few months.<\/p>\n

So what exactly is two-factor authentication? Most of the login systems you\u2019ve probably used are only \u2018one-factor\u2019 \u2014 you enter one password and you\u2019re in, but if that password gets compromised, you\u2019re toast. More secure systems are common in large businesses, and often require both a password\u00a0and<\/em> a physical card or dongle to login \u2014 these are called \u2018two-factor\u2019 systems, because they require both your password and another key, and are far more secure because a hacker probably isn\u2019t going to have that physical token. Unfortunately these security systems are generally quite expensive. But Google is bringing one to the masses.<\/p>\n

Google\u2019s system doesn\u2019t require a physical keycard. Instead, it relies on your mobile phone. First, you need to activate the optional feature from your settings page (again, this is only available to certain Google Apps customers at first). Then, when you go to sign in to your Google account, you\u2019ll first be asked to enter your password as usual. Next, you\u2019ll be brought to a screen asking for a verification code (see the screenshot above).<\/p>\n

The verification code comes from your mobile phone, which you\u2019ve previously linked up to your Google Account. Google has built a \u2018Google Authenticator\u2019 application for Android, the iPhone, and Blackberry \u2014\u00a0fire up the application, and it will give you the six digit verification code that you enter back into your browser (the system can also send you a SMS message or give you the code via voice call).<\/p>\n

\"\"<\/p>\n

That\u2019s it. The entire process only takes a minute or so, but it\u2019s much more secure because anyone wanting to access your account will also need access to your mobile phone. You can opt to require this two-factor authentication all the time, or you can elect to only require it one time per computer (in other words, you\u2019ll only need to enter it once on your home PC and\/or work computer).<\/p>\n

Like I said, this may not sound sexy, but it\u2019s a big deal. Given how much data users are storing on Google, and the fact that plenty of people still fall prey to phishing scams on a regular basis, this is a major step in helping keep users secure. This is all optional (unless your Apps administrator sets a policy requiring it), but I suspect Google will be making a push to urge users to take advantage of the new system as it begins rolling out more broadly.<\/p>\n

The news will also make Google Apps an even more tempting proposition for security-conscious businesses (Google notes that prior to this release, it was also the first company to receive FISMA certification in the collaboration\/document sharing space). To make this more appealing to businesses, Google is also open-sourcing its authentication apps, so businesses can create their own custom-branded versions.<\/p>\n

(via techcrunch<\/a>)<\/h5>\n","protected":false},"excerpt":{"rendered":"

\u201cTwo-factor authentication\u201d may be the least sexy-sounding feature I\u2019ve ever written about. But if you\u2019ve ever worried about being phished or having your password hacked, it could be your best friend \u2014\u00a0because it makes it much, much harder for a hacker to break into your account. Today, Google is announcing that it\u2019s bringing the security […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[2],"tags":[9,6],"class_list":["post-4306","post","type-post","status-publish","format-standard","hentry","category-technology","tag-google","tag-techcrunch"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/tokao.com\/wordpress\/wp-json\/wp\/v2\/posts\/4306","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tokao.com\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tokao.com\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tokao.com\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tokao.com\/wordpress\/wp-json\/wp\/v2\/comments?post=4306"}],"version-history":[{"count":0,"href":"https:\/\/tokao.com\/wordpress\/wp-json\/wp\/v2\/posts\/4306\/revisions"}],"wp:attachment":[{"href":"https:\/\/tokao.com\/wordpress\/wp-json\/wp\/v2\/media?parent=4306"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tokao.com\/wordpress\/wp-json\/wp\/v2\/categories?post=4306"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tokao.com\/wordpress\/wp-json\/wp\/v2\/tags?post=4306"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}