You can use a Google account to login to Gmail, Google Calendar, Google Docs, and dozens of other Google services — but you can also use it to login to third party apps such as online office suites, news readers, and more. That means if someone manages to obtain your Google account info, not only can they access your email, pay for goods using Google Checkout, and generally wreak havoc with your life. They might also be able to access your data on services that aren’tmaintained by Google.
Today Google announced something that can help protect you: 2-step verification.
Here’s how it works. Once you opt-in, you’ll need your username, password, and a unique code to login to Google. That code is constantly changing, which means that even if someone gets your username and password and your security code from half an hour ago, they won’t have enough information to access your account.
Of course, Google still needs to make sure you always have the latest code so you don’t get locked out of your account. To do that, Google uses your phone. Read the rest of this entry »
I got to try this out about a month ago due to my security being compromised on a public wifi network. The iOS authenticator app is pretty slick… way cooler than my RSA SecureID from work. In addition, you only need the latest code when accessing from a new device. If you are on your normal pc/phone there are no additional requirements other than your password (after a 1 time authentication)
Google needs to beef up security of its authentication system in order to demonstrate superiority over Facebook Connect which has become a de facto standard for plenty of popular websites.