Google announced this morning that it is implementing two-step verification as an additional security precaution for the Premier, Education, and Government editions of Google Apps, with the feature coming to all Google Apps users in the next few months. The second verification factor is a randomly generated code that gets sent to a user's mobile device.
As more people take their document creation and storage to the cloud, Google notes, security becomes a more pressing issue. A stolen password is all that stands between an intruder and your documents, and passwords are often weak or can be obtained via phishing or other shady means, so there is a need for better security than the username/password model.
[ Keep up on key business application news with the Technology: Applications newsletter. ]
Google's solution is an updated version of the security keyfob idea, except it uses the mobile device most users already carry around rather than giving them a new tchotchke. Now, when users log into their Google accounts, they will be asked for a verification code, which will be sent via SMS or voice call to their mobile phone.
If a user is on a trusted computer -- their office system, for example -- they can opt to have their verification code remembered on that computer, meaning they won't be asked for a code for 30 days. Otherwise, a code will be required upon each login.
Google has built its verification feature on the open source OATH standard, meaning users can customize it for their own needs or even apply it to non-Google applications.