With people storing more and more personal data in the cloud, concerns raise about the security of the traditional username / password login mechanism. This is something that has bothered me for quite a long time. There are so many different places where I login to my Google account, for example. Everytime I log in from a machine which is not my personal one I have to make sure to be properly logged out and – more imporantly – that this particular system and network can be trusted.
A simple way to circumvent the issue is to regularly change the password. While this is ok for a disciplined individual, it doesn’t really scale to the masses.
As an increased security feature, Google has come up with a 2-step verification scheme. It works like this: Everytime you log in to your Google account, you will first have to enter your username and password, just as usual. After that, you will be prompted to enter a verification code. This code can either be obtained by phone or via the Google Authenticator app available for iPhone, Android and BlackBerry. It’s actually quite similar to the procedure we know from secure online banking services. Only that you don’t need to enter the verification code at every single login as you can define the interval at which the code is requested.
After activating 2-step verification, all your non-browser apps like Gmail on iPhone will stop working. You will have to generate a specific password for these applications.
Originally the 2-step verification service was only available for Google Apps customers but recently Google has announced that the service will be rolled out to all accounts in the next days.