Google has long been aware of this problem, and now the company is doing something about it. Google announced early Monday the availability of two-step verification, a more secure way for Google Apps users to sign into their accounts. Instead of just relying on a password set by the user, the two-step verification process will force users to log in with something they know (their password) as well as something they have (a PIN number sent to their mobile device).


The feature must be turned on by an administrator—admins for for Google Apps Premier, Education, and Government Editions can activate it now, while Standard Edition customers will be able to do so soon—and certain devices can be authenticated as “trusted” so they only require one step to log in. For example, a company’s admin might let you authenticate your home computer as trusted (as it’s less likely that your company e-mail will get accessed by a thief), but require your laptop to go through the two-step process, as it’s more likely to get lost or stolen.

The feature is meant primarily for the businesses that use Google Apps for their services, but Google says it will eventually be available to all users. Additionally, the company says that the system is built on open standards, and that it will be open sourcing its mobile authentication app “so that companies can customize it as they see fit.”

Authors: Jacqui Cheng, ars technica

to know more click here