Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Apps Gets Two-Factor Security

Posted by CmdrTaco on from the third-factor-requires-blood-sample dept.

judgecorp writes "Passwords alone are not enough to secure access. Many organisations require two-factor authentication with a token. Google just added free two-factor verification to Google Apps, sending a one-off token to the user's mobile phone. It's good to have this for free, and it backs up Google's assertion that cloud apps are more secure — but it doesn't answer how it helps if an intruder is getting into Apps through a lost or stolen phone."

4 of 118 comments (clear)

  1. There's a price. by Anonymous Coward · · Score: 5, Insightful

    For the low low price of your mobile phone number we will give you some extra security!

  2. Re:...because it's 2 factor... by chill · · Score: 4, Insightful

    Allow me to introduce you to Google's "I lost my password, send me a code to my mobile phone to reset it" feature...

    --
    Learning HOW to think is more important than learning WHAT to think.
  3. If *anything* gets stolen... by NYMeatball · · Score: 4, Insightful

    It sort of compromises everything - but that doesn't mean it's a bad form of authentication, does it?

    Once your machine, token, credentials, anything have been physically compromised, it's generally accepted that you're hosed (at least for that one factor).

    Seems like a step in the right direction.

  4. How many factors are secure? by thethibs · · Score: 4, Insightful

    but it doesn't answer how it helps if ...

    Judgecorp should wait until after second coffee to post.

    What happens when an attacker has both factors in a two-factor situation is that security is breached. The same applies for any number of factors.

    The objective is to improve security, nothing can guarantee it. No "answer" is needed.

    (.....)

    --
    I'm a Programmer. That's one level above Software Engineer and one level below Engineer.