Google Apps Take Two Steps Toward A More Secure Cloud


The option of a two-step verification process has been added to Google Apps, Google (s goog) announced today. Once activated by an administrator, the new authentication process requires users to log in using their password and a verification code that’s sent to their phone via SMS or generated using an Android (s goog), BlackBerry (s rimm) or iPhone (s aapl) app.

Users have the option of indicating that they are using a computer that they trust, which means that they won’t be asked for the verification code in the future from that machine for 30 days.

Google believes that this two-step authentication process, which might seem familiar to users of certain online banking websites, should make Google Apps much more secure; even if  a hacker steals a user’s password, they won’t be able to access the account.

The technology used to implement this system is based on open standards; Google hopes it will allow for integration with other vendors’ authentication technologies in the future. Google is also making the code for the mobile apps open-source so that its customers can customize them.

Administrators for Google Apps Premier, Education and Government Editions can activate two-step verification from the Admin Control Panel now; the mobile apps are available today. Standard Edition customers will be able to access it “in the months ahead.” Google is also planning on making the technology available for individual Google users.

Related GigaOM Pro content (sub. req.): Who Owns Your Data in the Cloud?


Kimmo Linkama

The “Remember verification for this computer” option seems to dilute the strength of the measure.

Think about a stolen laptop. I’m willing to bet that most people who use a laptop as their primary work computer will check this option, which will leave their account open for anyone who happens to steal the computer within 30 days.

Then again, this is definitely an improvement over today’s situation.


I got message few days ago, and skipped. Latter was asked to update secondary email info(recovery mail)

Comments are closed.