Two-Factor Authentication Comes to Google Accounts
You have your Gmail account and you use it for everything. But it’s more than just e-mail; it’s also tied to your calendar and stored documents. For some, it also means your Google Voice phone number. It is probably your email address of choice for Amazon, Facebook and a host of other services.
Some of those sites may store your credit card information. You have one password separating you from total information access. If that password is discovered, you have just given away access to your life.
Enter 2-step verification from Google. This verification process will add an extra step before letting you log into your Google Account, hence the name 2-step verification.
Image courtesy of Google Blog.
How does it work?
You sign into your Gmail or other Google Account service with your email address and password just like before. Right after, Google provides a second box for a code number you can enter to verify that the person accessing the account is really you.
The code can come from one of three sources:
How Does This Help Protect You?
Simply put, anyone can access a web page and enter a username and password. However, the verification code comes to your cell phone. In an ideal world, only you should have that. Many banks have used this system for years, issuing customers a keychain-sized fob that receives a new code that is used in conjunction with account numbers and passwords.
Two-factor authentication provides an extra layer of “this is really me” protection. In movies we have seen retina scans or fingerprints used in conjunction with a PIN number. While your Gmail account might not seem like a government bunker, think of what happens if someone gets access to your Gmail account and uses it to reset passwords on your Amazon or bank account, gain access and make purchases without you even knowing until it is too late.
Google already gave Google Apps users two-step verification last September. They’re finally unrolling it to standard Google Accounts.
While there is still no word yet from Google how they will protect your phone, they have taken steps to respond to the business community’s concerns about remote wiping of an Android device and other enterprise-ready features. Together, these security features help bring Google’s online and mobile services into an enterprise-ready level of security.