Risk
9/17/2010
06:44 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Google Apps Adds Two-Step Verification

Enhanced security is now available to Google Apps enterprise customers via their mobile phones.

Google Authenticator App
(click image for larger view)
Google Authenticator App

Google on Monday plans to offer its users improved security through the introduction of a two-step login verification process.

Initially, two-step verification will be available to Google Apps Premiere, Government, and Education edition users, at no extra charge. But Google plans to make the technology available to all its users in the coming months, once the company is confident it can scale the technology to meet demand.

Google is expected to make the announcement at an enterprise conference called Atmosphere, which is being held in a hotel near Paris, France.

Two-step verification is already offered as an option by many online banks. An online banking customer can have a verification code sent to his or her mobile phone when a login attempt is initiated. In order to complete the login process successfully, the customer must supply the code sent to the mobile device in addition to a user name and password.

Starting Monday, if enabled by a Google Apps administrator, Google Apps Premiere, Government, and Education edition users have the option of receiving an SMS message or voice call on their mobile phones with a login verification code. Users of Android, Blackberry, and (soon) iPhone devices also have the option of downloading a mobile app called Google Authenticator that can generate a login verification code without the need for network access.

Google plans to open-source the code for these mobile applications to allow third parties to adapt them to specific enterprise security needs, such as integration with an existing on-premises authentication system.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-5211
Published: 2015-01-27
Stack-based buffer overflow in the Attachmate Reflection FTP Client before 14.1.433 allows remote FTP servers to execute arbitrary code via a large PWD response.

CVE-2014-8154
Published: 2015-01-27
The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which trigger a heap-based buffer overf...

CVE-2014-9197
Published: 2015-01-27
The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request.

CVE-2014-9198
Published: 2015-01-27
The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session.

CVE-2014-9646
Published: 2015-01-27
Unquoted Windows search path vulnerability in the GoogleChromeDistribution::DoPostUninstallOperations function in installer/util/google_chrome_distribution.cc in the uninstall-survey feature in Google Chrome before 40.0.2214.91 allows local users to gain privileges via a Trojan horse program in the ...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
If you’re a security professional, you’ve probably been asked many questions about the December attack on Sony. On Jan. 21 at 1pm eastern, you can join a special, one-hour Dark Reading Radio discussion devoted to the Sony hack and the issues that may arise from it.