Google is expanding the use of two-step verification to include all Google accounts. The security measure--implemented for Google Apps customers a few months ago--protects your Google account from being hijacked or compromised.
A Google spokesperson stated, "We're excited to be making 2-step verification, our two-factor authentication account security system for Google Accounts, available to any Google user beginning today," adding that Google is also introducing some additional features to make the security controls more widely available and easier to use.
Authentication is the process of verifying that you are you--the legitimate owner of the account--before allowing access. Authentication relies on something you know (like a password), something you have (like a mobile phone), or something you are (like a fingerprint).
The problem with the standard authentication model is that it relies only on something you know--and that something is often easily guessed, cracked, or otherwise compromised. While a username may seem like 'something you are', it is just a word, so it is actually 'something you know'--and one that is generally not protected or kept secret, so it is a non-factor. That leaves the password.
As incidents such as the Rockyou.com and Gawker.com data breaches illustrate, the majority of users depend on weak passwords that are trivial for an attacker to discover. Many users also rely on the same username and password to protect all of their various accounts--making that one password a proverbial key to the entire kingdom that is their digital life.
Once an account is compromised, the attacker can modify account details such as the alternate email address, phone number, or other contact information, making it extremely difficult for the legitimate owner to reclaim the account. That is where the Google 2-step verification protection comes in. With the new Google authentication, you need a code that is sent via SMS to your mobile phone in addition to the standard password.
A blog post from Google announcing the new feature explains, "It's an extra step, but it's one that significantly improves the security of your Google Account because it requires the powerful combination of both something you know--your username and password--and something that only you should have--your phone. A hacker would need access to both of these factors to gain access to your account."
The feature will be rolled out to all Google accounts over the next few days. The initial setup will take about 15 minutes, according to Google. Google has made the setup process more user-friendly, and has also expanded availability to more countries.
This story, "Why You Should Use Google's Two-Step Login," was originally published by PCWorld.