Google tightens up Apps security

Posted by Emma Woollacott

Google is hoping to assuage fears over security in the cloud with a new, two-step identity verification process for Google Apps.

Users download a new authentification app which then calls for two means of identification to log into a Google Apps account - a password and a phone. It's the same principle as the system used by many large companies, but using the phone itself as a verification device, rather than a separate smartcard.

After the user enters their password, a verification code is sent to the phone via SMS or a voice calls. A code can also be generated by an installed application if the user is out of range.

"This makes it much more likely that you’re the only one accessing your data: even if someone has stolen your password, they'll need more than that to access your account," says Eran Feigenbaum, director of security for Google Apps.

""You can also indicate when you're using a computer you trust and don't want to be asked for a verification code from that machine in the future."

The system is available now for Blackberry and Android phones; Google says it plans to add support for iPhone users soon.

"Two-step verification is built on an open standard designed to allow integration with other vendors’ authentication technologies in the future. We are also open sourcing our mobile authentication app so that companies can customize it as they see fit," says Feigenbaum.

The new system can be activated by administrators now for Google Apps Premier, Education, and Government Editions. Over the next few months, it will be opened up for use by all Google users.