Google said today that it will begin offering users greater security protections for signing in to Gmail and other Google Apps offerings. This “two-step verification” process — which requires participating users to input a user ID, password and six-digit code sent to their mobile phones — effectively means Google will be offering more secure authentication than many U.S. financial institutions currently provide for their online banking customers.
The search giant will be making the technology available to its enterprise (paying) customers immediately, and it will be free to consumers within the next few months. Users who choose to take advantage of the technology can have the codes sent via text message or a special Google mobile app. All devices that are successfully authenticated can then be set to not require the two-step process for the next 30 days.
Travis McCoy, product manager of Google Security, said the company was looking for a way to prevent Google account takeovers made possible by weak or stolen passwords.
“We wanted to look and see what single area could we work on that would have the greatest impact on user security,” McCoy said. “We found user names and passwords often end up being the weak link in the chain in terms of how accounts are being compromised.”