Skip to main content

Google Lets Users Double-Down on Account Security

The net is getting a little safer for Google users Thursday, as the company unveils an option to lock down their accounts with more than just a password.
Starting Thursday all Google users can choose to turn on a so-called “two-factor authentication” feature, which will require them to type in a special, short-lived second password in addition to their normal password to get into their account. Users will be able to get the codes by text or a phone call, or use smart phone apps for Android, iPhone and Blackberry to generate the codes.
The idea isn’t new, even though this is the first time such a security option has been offered for free by a major online e-mail service.
Government agencies, banks, online games such as World of Warcraft, and investment companies have long used little keychain fobs that generate cryptographically secure, random codes every few minutes. To log on to your account, you first type in your usual username and
password and then type in the one-time code.
Nishit Shah, a product manager for security, says the new security feature should help prevent hackers from getting into sensitive accounts, like Gmail, by snooping passwords or by exploiting security breaches, like the one that recently exposed the e-mail addresses and passwords of Gawker Media commenters — a huge problem since many users reuse the same password over and over.
“I’ve been using my Gmail account almost every day for five years,” Shah said. “My Google account is invaluable to me.”
The feature has been available to paid Google Apps users for six months, and over the last few months, the company has been testing the feature internally and with users who have been having problems with hackers getting into their accounts.
“We have seen instances where user accounts would have been compromised without this feature,” Shah said.
The feature is now listed under the Account Settings page for Google users.
But he warns this is not a feature that is simply turned on by clicking a check box, and advises users to set aside about 15 minutes to set it up.
That’s because users will have to navigate a few hurdles. For instance, they’ll be given the option to give out a backup phone number — either a landline or a trusted friend — in case their phone is lost or broken. Additionally, programmatic access to Google accounts, such as IMAP access to Gmail, won’t use the normal password and instead will have to be reset with a special 16-character, randomly generated password.
The security feature does introduce some complexity. For instance, those who are traveling to another country may not be able to get text messages while traveling. The smart phone apps for Android and the iPhone, however, will generate usable codes even without a net connection.
To help, Google is also offering the option of preprinted special codes that a user can choose to use while traveling.
That’s especially useful for anyone who uses a free computer in a hotel or hostel, which could easily be infected with a password-stealing trojan. With the additional codes, even a hacker who snagged your username and password off such a computer couldn’t get into your account, since he wouldn’t know what the next special code is supposed to be.
So what happens if you lose your phone and the backup number you set up is no longer in service?
Shah says the company has thought this through, and there is a final way to regain access to your account with tough-to-answer security questions.
The two-factor authentication feature is currently offered only to English-speaking users, but translation is under way and should be available via smartphone apps to all Google users in their native languages in the coming months.


Popular posts from this blog

Top 5 Women Who Impacted Technology in 2010

Katie Stanton, International Strategist for Twitter Katie Stanton has impressively long names of companies in her resume. They include the White House, Google Inc, and her latest addition is Twitter. Her remit is working on Twitter’s international strategy and her experience in social media will be a key asset to the company. Katie has a history of working in technology, and her knowledge of departmental laws will help Twitter work alongside government agencies, as she’ll be spearheading the free information approach, especially after the Wikileaks incident. Stanton has been a key player in the techsphere for some time, and this extends to her private life. Following the Haiti disaster she worked with a group of engineers to create a free texting service to help those in need and she is constantly in demand as an expert in both social media and government policy.
Caterina Fake, Co-Founder of Flickr and Hunch Despite having a surname which sounds like a pseudonym for a spy (it’…

AT&T MiFi 2372 review

In the week or so that I have been testing the AT&T MiFi 2372 by Novatel Wireless, it has already saved no less than three lives. First, it saved my cable guy’s life. You see, Time Warner Cable provides the worst home Internet service I have ever experienced. I can’t even think of a close second. If providing terrible home Internet service was a sport, Time Warner Cable would be on its tenth consecutive undefeated season. Forget the fact that my upload speed is capped at 60Kbps and I’m lucky if I can get half that — it has been months since I’ve gone through a full day without at least one service interruption. Months. Unfortunately, Time Warner Cable has an exclusive contract with my building so I have no choice but to endure its abysmal service. Last week, as a Time Warner Cable technician entered my home for the sixth time in two months, I realized that this certainly would have spelled serious trouble had it not been for my trusty new back up device. Before the Mi…

Evolution Of Computer Virus [infographic]