The latest news and insights from Google on security and safety on the Internet
July 28, 2011
2-step verification: stay safe around the world in 40 languages
(Cross-posted from the Official Google Blog)
Earlier this year, we introduced a security feature called 2-step verification that helps protect your Google Account from threats like password compromise and identity theft. By entering a one-time verification code from your phone after you type your password, you can make it much tougher for an unauthorized person to gain access to your account.
People have told us how much they like the feature, which is why we're thrilled to offer 2-step verification in 40 languages and in more than 150 countries. There’s never been a better time to set it up: Examples in the news of password theft and data breaches constantly remind us to stay on our toes and take advantage of tools to properly secure our valuable online information. Email, social networking and other online accounts still get compromised today, but 2-step verification cuts those risks significantly.
We recommend investing some time in keeping your information safe by watching our 2-step verification video to learn how to quickly increase your Google Account’s resistance to common problems like reused passwords and malware and phishing scams. Wherever you are in the world, sign up for 2-step verification and help keep yourself one step ahead of the bad guys.
To learn more about online safety tips and resources, visit our ongoing security blog series, and review a couple of simple tips and tricks for online security. Also, watch our video about five easy ways to help you stay safe and secure as you browse.
Update on 12/1/11: We recently made 2-step verification available for users in even more places, including Iran, Japan, Liberia, Myanmar (Burma), Sudan and Syria. This enhanced security feature for Google Accounts is now available in more than 175 countries.
10 comments:
You are welcome to contribute comments, but they should be relevant to the conversation. We reserve the right to remove off-topic remarks in the interest of keeping the conversation focused and engaging. Shameless self-promotion is well, shameless, and will get canned.
Note: Only a member of this blog may post a comment.
Thank you for making this available worldwide, Google! ♥
ReplyDeleteany chance an app for Windows Phone is on the way?
ReplyDelete2-factor authentication is great, but I already have a YubiKey on my keychain. I think it would be great if Google supported YubiKey. Thanks!
ReplyDeleteWe've made our web service and free mobile apps available at Duo Security to enable every website to do as Google's done.
ReplyDeleteWe only have users in 42 countries, but we're catching up! :-)
Thanks, Google, for protecting your users. We hope more companies follow your lead!
I follow a couple of Google Blogs, which are very useful in keeping updated.
ReplyDeleteIt pains me that all Blogs do not have a consistency in terms of being able to subscribe by email.
Some do allow email subscription, most do not.
What a pity since email allows me to choose only the blogs I REALLY read as opposed to "READ when FREE" type blogs on my Google Reader.
So, Please enable email subscription for all Google Blogs.
The "Remember location for 30 Days" tick box just uses a cookie, which for me is redundant as I clear cookies on exit (Chrome, Firefox, etc.). This means I have to always enter a verification code, which to be honest doesn't bother me too much but possibly could be better without impacting the effectiveness of the security.
ReplyDeleteUsing Ubuntu One as an example, machines are authenticated against an account. The list of authorised machines can be shown and any authorised machine can be de-authorised (from anywhere).
Could something similar be incorporated into two-step? Still the same process but instead of identifying a machine by a browser cookie (I.e. client-side) the machine itself is identified and the list of authorised machines be maintained server-side.
The Google Dashboard could be updated to allow users to manage their authorised machines.
Maybe a manual process is required to add a machine to the list of authorised machines. Remove the tickbox for "Remember..." so that you can never really accidentally add a "public" machine to that list.
Either way using 2-step and think it's a good idea. Thank you for the feature.
Are sites like spy.scorpio.com really cracking accounts and getting passwords or is there an insider helping these Crackers out?
ReplyDeleteThe one thing I don't like about thsi feature is the "Thank you for using..." part which comes up initially. Just give us the code up front (repeat twice).. then say the "Thank you..." message.
ReplyDelete1. Its a waste of everyones time to listen to this message up front.
2. I think you are wasting energy unecessarily forcint people for a few seconds to listen to it... I am sure it will save a few barrels of oil if you remove that message up front.
Have you got the latest stats on how many gmail.com accounts are compromised per day?. This would be a more compelling argument for enabling 2-step verification
ReplyDeleteHi,
ReplyDeleteI generally find 2-step authentication a great feature, but the way it is implemented doesn't work for me for a number of reasons, the main one being that I frequently travel where I do not have mobile access, and one-time codes are a security risk.
Now I am less concerned in my account being accessed for read / write, but totally hijacked, i.e. password changed.
Wouldnt it have been better for special cases as myself and the general population, if standard account access was via simple password, BUT if chnaging account access, i.e. password, THEN some form of 2-step authentication would be required.
I think this would have been a good half-way house, and more likely with a higher adoption rate...
Just thinking
marcel