In view of the ever increasing number of successful phishing attacks that leave users with compromised accounts, Google has announced the introduction of two-step verification for its corporate users.
Two-step verification is easy to set up, manage and use. When enabled by an administrator, it requires two means of identification to sign in to a Google Apps account, something you know: a password, and something you have: a mobile phone,” announced Eran Feigenbaum, Google Apps Director of Security.
“After entering your password, a verification code is sent to your mobile phone via SMS, voice calls, or generated on an application you can install on your Android, BlackBerry or iPhone device. This makes it much more likely that you’re the only one accessing your data: even if someone has stolen your password, they’ll need more than that to access your account.”
This is Google’s answer to all those companies who have migrated various aspects of their day to day activity to Google Apps, but were still worried about security risks involved.
To enable the option on their account, users must wait for the administrators to activate the two-step verification. Administrators for Google Apps Premier, Education, and Government Editions can do so immediately, but regular (non-paying) customers will get the option in the next few months.
Administrators will also be able to designate a trusted computer (for example your home desktop computer), so that you don’t have to go through the two-step verification process every time you access your account from there, reserving its use for devices like laptops, which are easily lost or stolen.