Google Apps Gets Two-Factor Security
judgecorp writes "Passwords alone are not enough to secure access. Many organisations require two-factor authentication with a token. Google just added free two-factor verification to Google Apps, sending a one-off token to the user's mobile phone. It's good to have this for free, and it backs up Google's assertion that cloud apps are more secure — but it doesn't answer how it helps if an intruder is getting into Apps through a lost or stolen phone."
For the low low price of your mobile phone number we will give you some extra security!
Allow me to introduce you to Google's "I lost my password, send me a code to my mobile phone to reset it" feature...
Learning HOW to think is more important than learning WHAT to think.
It sort of compromises everything - but that doesn't mean it's a bad form of authentication, does it?
Once your machine, token, credentials, anything have been physically compromised, it's generally accepted that you're hosed (at least for that one factor).
Seems like a step in the right direction.
The most interesting inference to me is that some third-party vendor who is serving up cloud apps has employees who are inherently more trustworthy than the ones you handpicked are.
Orwell: "In a Time of Universal Deceit, telling the Truth is a Revolutionary Act"
but it doesn't answer how it helps if an intruder is getting into Apps through a lost or stolen phone
When you lose your phone, the vast, vast, vast, vast majority of the time they just want to wipe your iPhone and sell it to the local pawn shop. They don't care about your data, your songs, your apps, etc. They simply see that shiny, new hardware = money. Same thing with laptops: they don't care about the data on it, they want to wipe "that funny looking OS" off of it and put a pirated copy of XP on there and sell it on eBay.
The idea that stolen gadgets are going to be used for something beyond simple hardware really overestimates either your value of data or the intelligence of thieves.
Taxation is legalized theft, no more, no less.
but it doesn't answer how it helps if ...
Judgecorp should wait until after second coffee to post.
What happens when an attacker has both factors in a two-factor situation is that security is breached. The same applies for any number of factors.
The objective is to improve security; nothing can guarantee it. No "answer" is needed.
I'm a Programmer. That's one level above Software Engineer and one level below Engineer.
Agreed. I fail to see how sensitive information being sent over the Internet could be more secure than keeping sensitive information stored on a computer that doesn't even have a network card installed.
Security and Availability go hand in hand. Security isn't just, NO ONE EVER GETS TO LOOK AT MY DATA. Security is also making sure that your data remains undamaged (integrity) and available to the people that you want to see it.