Risk
9/17/2010
06:44 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Google Apps Adds Two-Step Verification

Enhanced security is now available to Google Apps enterprise customers via their mobile phones.

Google Authenticator App
(click image for larger view)
Google Authenticator App

Google on Monday plans to offer its users improved security through the introduction of a two-step login verification process.

Initially, two-step verification will be available to Google Apps Premiere, Government, and Education edition users, at no extra charge. But Google plans to make the technology available to all its users in the coming months, once the company is confident it can scale the technology to meet demand.

Google is expected to make the announcement at an enterprise conference called Atmosphere, which is being held in a hotel near Paris, France.

Two-step verification is already offered as an option by many online banks. An online banking customer can have a verification code sent to his or her mobile phone when a login attempt is initiated. In order to complete the login process successfully, the customer must supply the code sent to the mobile device in addition to a user name and password.

Starting Monday, if enabled by a Google Apps administrator, Google Apps Premiere, Government, and Education edition users have the option of receiving an SMS message or voice call on their mobile phones with a login verification code. Users of Android, Blackberry, and (soon) iPhone devices also have the option of downloading a mobile app called Google Authenticator that can generate a login verification code without the need for network access.

Google plans to open-source the code for these mobile applications to allow third parties to adapt them to specific enterprise security needs, such as integration with an existing on-premises authentication system.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-1544
Published: 2014-07-23
Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger cer...

CVE-2014-1547
Published: 2014-07-23
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2014-1548
Published: 2014-07-23
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2014-1549
Published: 2014-07-23
The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and applica...

CVE-2014-1550
Published: 2014-07-23
Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging incorrect Web Audio control-message ordering.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.