Google Adds SMS Verification Security to Gmail

Google is to offer all Gmail users the option to secure their accounts using two-factor authentication (2FA), the first time such security has been widely used on mass webmail.

The new 2FA option two step verification in Google terminology - will add an extra layer of security in which users designate a mobile phone, landline or mobile app to receive a unique one-time login code. This is then entered in addition to the usual username and password combination.

Its a lot more secure but it does add some complexity, requiring what the company describes as a 15-minute setup process which also requires a backup phone in case the primary one is lost. This which can be a landline or a mobile phone.

When accessing Gmail through non-browser applications such as standalone email apps or a phone app, a specific but on-off password will have to be generated to stop the application working.

One concession to convenience is that the verification code can be set to renew every 30 days which avoids needing a new one for every login. Supported mobile apps to received codes on include Android, iPhone and BlackBerry.

Its not clear how quickly the feature will be made available to all users that want it but the option will need to be turned on in the account settings tab.

If google eventually makes the feature standard on accounts the payback for the company could be a reduction in the number of bogus accounts created using the service to relay spam. At the very least it would make migrating from bogus account to bogus account difficult if the associated mobile accounts are also blacklisted.

Subscribe to the Security Watch Newsletter

Comments