Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Apps Gets Two-Factor Security

Posted by CmdrTaco on from the third-factor-requires-blood-sample dept.

judgecorp writes "Passwords alone are not enough to secure access. Many organisations require two-factor authentication with a token. Google just added free two-factor verification to Google Apps, sending a one-off token to the user's mobile phone. It's good to have this for free, and it backs up Google's assertion that cloud apps are more secure — but it doesn't answer how it helps if an intruder is getting into Apps through a lost or stolen phone."

5 of 118 comments (clear)

  1. There's a price. by Anonymous Coward · · Score: 5, Insightful

    For the low low price of your mobile phone number we will give you some extra security!

  2. Re:...because it's 2 factor... by chill · · Score: 4, Insightful

    Allow me to introduce you to Google's "I lost my password, send me a code to my mobile phone to reset it" feature...

    --
    Learning HOW to think is more important than learning WHAT to think.
  3. If *anything* gets stolen... by NYMeatball · · Score: 4, Insightful

    It sort of compromises everything - but that doesn't mean it's a bad form of authentication, does it?

    Once your machine, token, credentials, anything have been physically compromised, it's generally accepted that you're hosed (at least for that one factor).

    Seems like a step in the right direction.

  4. Mobile security by yakumo.unr · · Score: 4, Interesting

    I'm worried because in all the years I've had a Google mail account I haven't had any issues, yet a month after getting an Android 2.1 phone, despite being really careful about only installing high rated applications with tens of thousands of users and mostly keeping an eye on what they're allowed to access, my gmail account was hacked and used to send out a spam email via a mobile device in canada.

    I've never had an email account hacked before, so I'm pretty convinced that some phone app has leaked my account details (as it's the gmail account tethered to my phone).

    Admittedly Google immediately suspended my account due to suspicious activity (access from Mobile Canada (71.17.214.49), I live in the UK), and a token to my mobile phone was how I unlocked it and changed my password, but I'm still rather wary now despite how much I love my Galaxy S mobile.

    I have bought apps I don't want to lose wiping the phone, and I have no real way to tell what it may have been that leaked my data.

      I have droidsecurity antivirus installed now, but wish google could offer some stronger post-install controls on what an app's allowed to do.

  5. How many factors are secure? by thethibs · · Score: 4, Insightful

    but it doesn't answer how it helps if ...

    Judgecorp should wait until after second coffee to post.

    What happens when an attacker has both factors in a two-factor situation is that security is breached. The same applies for any number of factors.

    The objective is to improve security, nothing can guarantee it. No "answer" is needed.

    (.....)

    --
    I'm a Programmer. That's one level above Software Engineer and one level below Engineer.