It looks like Google are rolling out a beefed-up security model, based around two-factor authentication. This is where a person needs to provide two forms of proof that they own the username with which they are attempting to log in.
In most two-factor schemes, the first proof is a password or PIN and the second is either a physical token of some kind (key or card) or a biometric identifier such as a facial image or fingerprint scan. The idea is that whilst an attacker might well capture your password or PIN somehow, it is going to very difficult for them to also provide physical or biometric proof.
For an organisation that can issue its employees with smart cards, this scheme works very well, but such a move would be completely impractical (and hideously expensive) for Google. Their solution is to use your mobile phone, instead!
It works like this: you log in as normal with a username and password, but then you are taken to a second screen in which you must enter a six-digit verification code. This code is delivered to your phone (which you have previously associated with your Google account).
The system seems to be designed around the assumption that users will have an iPhone, BlackBerry or Android device running the Google Authenticator app. Whilst the verification code can also be sent via SMS, I wonder whether this will be quite as efficient. Fortunately, Google provide the option to authenticate like this once per computer rather one per login, which is easier (albeit at the cost of reduced security).
No comments:
Post a Comment