Google’s 2FA for Apps is great – but it’s only the beginning
The new two-factor authentication (2FA) for Google Apps has to be a good thing. But why now, I asked Eran Feigenbaum, director of security at Google Apps?
And without a hint of irony he answered, “At Google we are always looking for ways to improve users’ security and [wait for it] privacy. Since the weakest link in both is the password, 2FA is the logical next step.” Actually, I believe him.
This is how it works (if you want it). When you log in to Google Apps, a small app on your Android, iPhone or BlackBerry generates a separate, out-of-band, one-time six-digit code. You need this to complete the login. It makes it far more likely that you are who you say you are because you also have access to your smartphone (the token, or second factor – which you have protected separately, right?). And if you don’t have a smartphone, Google will generate the code itself and SMS or voice it to your antiquated mobile phone. This is a massive security improvement, and raises Google Apps to a level of security similar to that used by many banks.
But it’s not enough. It only authenticates Google Apps. What about all of the other web applications? What about all of the social networks that do or will exist? What about the rest of the cloud? What we really need is free 2FA that can be integrated anywhere on the web.
And here’s my prediction. It’s coming; because, as Feigenbaum says, it’s the logical next step. I don’t know how or by whom it will be done. It might be Google or it might be one of the big internet security companies. It will probably involve Firefox. But it will definitely happen. Soon.