Posted by Travis McCoy, Product Manager, Google Security Team
Entering your username and password on a standard website gives you access to everything from your email and bank accounts to your favorite social networking site. Your passwords possess a lot of power, so it's critical to keep them from falling into the wrong hands. Unfortunately, we often find that passwords are the weakest link in the security chain. Keeping track of many passwords is a pain, and unfortunately accounts are regularly compromised when passwords are too weak, are reused across websites, or when people are tricked into sharing their password with someone untrustworthy. These are difficult industry problems to solve, and when re-thinking the traditional username/password design, we wanted to do more.
As we explained today on our Google Enterprise Blog, we've developed an option to add two-step verification to Google Apps accounts. When signing in, Google will send a verification code to your phone, or let you generate one yourself using an application on your Android, BlackBerry or iPhone device. Entering this code, in addition to a normal password, gives us a strong indication that the person signing in is actually you. This new feature significantly improves the security of your Google Account, as it requires not only something you know: your username and password, but also something that only you should have: your phone. Even if someone has stolen your password, they'll need more than that to access your account.
11 comments :
Pls don't leave MAEMO and Nokia N900 behind.
I am delighted to hear that Google now has the security feature that has been keeping my World of Warcraft account safe for years: the Battle.net Authenticator. Just remember to create a backup of the software on your phone to avoid a situation where they don't think you're you because your software upgrade or reinstall deletes your verification software.
Yay good step, definitely right direction.
The Google Enterprise Blog mentions that the verification process is built on open standards. Can you please provide some details on what Open Standards are at play here?
I would like to have this work with OATH tokens, as well as my phone. Losing my phone would lock me out of my apps.
The open standards are mentioned on the open source page for the phone app! It's OATH-based.
http://code.google.com/p/google-authenticator/
Is this authentication option going to extend beyond paid products?
Will this be coming to personal gmail.com accounts?
What about adding a two-phase commit protocol (2PC) on top of your current idea???
I have been locked out of my Gmail account for inactivity for months. I have tried so much without any way to gain access to my account. Does anyone have any idea how to help me?
And I have gone through all the lost password processes Google offers and none of that works.
I am still bummed that two-step verification doesn't work with iChat on my new MBP. I've tried to make an application specific password multiple times and the forums are closed on Google Talk. ;(