Monday, September 20, 2010 | 7:30 AM
[Cross-posted from the Google Enterprise Blog]
Cloud computing is about making your information easily accessible from anywhere, on any device. Until today, organizations looking to secure their information beyond a password have faced costs and complexities that prevented many of them from using stronger security technologies. Today we are changing that with the introduction of a more secure sign-in capability for Google Apps accounts that significantly increases the security of the cloud: Two-step verification. For the first time, we’re making it possible for organizations large and small to use this technology in just a few clicks for free. In the coming months, we’ll also be offering this same security to our hundreds of millions of individual Google users.
Two-step verification is easy to set up, manage and use. When enabled by an administrator, it requires two means of identification to sign in to a Google Apps account, something you know: a password, and something you have: a mobile phone. It doesn’t require any special tokens or devices. After entering your password, a verification code is sent to your mobile phone via SMS or generated on an application you can install on your Android, BlackBerry or iPhone (coming soon) device. This makes it much more likely that you’re the only one accessing your data: even if someone has stolen your password, they'll need more than that to access your account. You can also indicate when you're using a computer you trust and don't want to be asked for a verification code from that machine in the future.
Two-step verification is built on an open standard designed to allow integration with other vendors’ authentication technologies in the future. We are also open sourcing our mobile authentication app so that companies can customize it as they see fit.
Two-step verification continues Google’s stream of security innovation. In early 2009, we added the ability to view password strength and set minimum password length requirements for Google Apps accounts. Later in the year we were the first to provide HTTPS encryption to millions of users, and in 2010 Google Apps was the first cloud messaging and collaboration service to gain US government security certification.
Administrators for Google Apps Premier, Education, and Government Editions can activate Two-step verification from the Admin Control Panel now, and Standard Edition customers will be able to access it in the months ahead.
Posted by Eran Feigenbaum, Director of Security, Google Apps