Most web applications rely on just an username and password and this is inherently insecure. Enterprises deal with this usually with the popular RSA keyfob based two-factor authentication systems.
With 2-factor authentication, besides entering the username and password, you have to enter a pin and append it with dynamically generated string of numbers from your RSA keyfob. This makes it very secure to access stuff online. Even some banks have started to do this for online access to their clients.
Google has now introduced the two-step verification for Google Apps accounts. Instead of a key fob, they have ingeniously utilized another device we constantly have on us – mobile phone.
No special tokens or devices required. Once you enter your username and password, a verification code is sent to your mobile phone as SMS, voice calls or generated on an application for Blackberry, Android or iPhone.
Google is doing 2 things on this front to make this a wide-spread adoption
- They have built this on an open standard to allow integration with other vendors’ technologies in the future
- They have also open sourced the mobile authentication app so companies can customize it to their needs
Once enabled, end users can set this up in the Accounts tab in Gmail Settings.
Google has taken a right step in making Google Apps more attractive to Enterprises with security where the pricing was already really attractive.
Chase bank does this already and I really like the security comfort it offers and great to see Google Apps offer it too.
{ via Google Enterprise blog }
1 comments:
nice info...
i want to try it :)
Post a Comment