Google today announced that it was adding the option of a two-step verification process to Google Apps, which requires users to log in using a password and a verification code that’s sent to their phone via SMS or generated using a mobile app.


The option of a two-step verification process has been added to Google Apps, Google announced today. Once activated by an administrator, the new authentication process requires users to log in using their password and a verification code that’s sent to their phone via SMS or generated using an Android, BlackBerry or iPhone app.

Users have the option of indicating that they are using a computer that they trust, which means that they won’t be asked for the verification code in the future from that machine for 30 days.

Google believes that this two-step authentication process, which might seem familiar to users of certain online banking websites, should make Google Apps much more secure; even if  a hacker steals a user’s password, they won’t be able to access the account.

The technology used to implement this system is based on open standards; Google hopes it will allow for integration with other vendors’ authentication technologies in the future. Google is also making the code for the mobile apps open-source so that its customers can customize them.

Administrators for Google Apps Premier, Education and Government Editions can activate two-step verification from the Admin Control Panel now; the mobile apps are available today. Standard Edition customers will be able to access it “in the months ahead.” Google is also planning on making the technology available for individual Google users.

Related GigaOM Pro content (sub. req.): Who Owns Your Data in the Cloud?

  1. I wonder how that works for IMAP users?

  2. I got message few days ago, and skipped. Latter was asked to update secondary email info(recovery mail)

  3. [...] phishing scams and the compromising of passwords, according to Google. WebWorkerDaily has details of the technology behind the new login [...]

  4. The “Remember verification for this computer” option seems to dilute the strength of the measure.

    Think about a stolen laptop. I’m willing to bet that most people who use a laptop as their primary work computer will check this option, which will leave their account open for anyone who happens to steal the computer within 30 days.

    Then again, this is definitely an improvement over today’s situation.

  5. [...] Google Apps Take Two Steps Toward A More Secure Cloud Google’s new, more secure login verification will make editing Google Docs on Android and iPad possible.  The technology for this is based on open standards, and hopes this will make integration with other vendor’s authentication technology possible. [...]


Comments have been disabled for this post