Google on Monday announced the addition of new security layer to user logins -- a two-step authentication process that requires a combination of a password and a verification code sent to the users' mobile phones. The new feature will be rolled out first to its paying customers, i.e. Google Apps Premiere, Education, and Government edition customers, with plans to bring it to all Google users in the next few months.
What is two-step authentication?
Most of the login systems on the web uses ‘one-factor’ authentication where you enter one password and you’re in. But if that password gets compromised, you’re screwed. More secure systems require both a password and a physical card or dongle to login. These are called ‘two-factor’ systems, because they require both your password and another key, and are far more secure because a hacker probably isn’t going to have that physical token.
Google’s system uses your mobile phone as the physical keycard. First, you need to activate the two-step authentication feature from your settings page. The next time you sign in to your Google Apps account on a new browser or device, you enter your username and password as usual. You’re then prompted with a second page to enter a verification code. The verification code is a 6 digit code that will be sent your mobile phone, which you’ve previously linked up to your Google Account, via SMS message or voice call.
This makes your Google account more secure as even if your password is cracked, guessed, or otherwise stolen, an attacker can't sign in without access to your verification codes, which only you can obtain via your own mobile phone.
There is an option where you can check the Remember verification for this computer checkbox and you will be prompted to enter a verification code once every 30 days per browser or after deleting your browser’s cookies.
Google says that in the coming months, Google Apps Standard Edition and hundreds of millions of individual Google users will be able to enjoy this feature as well.