Google Accounts gets two-factor authentication

[nsane.forums]

Search firm offers help in battle against phishing attacks

Google has launched a two-step verification feature for Google Accounts to add an extra layer of security to services such as Gmail and YouTube.

The feature will be added to the settings page of Google Accounts in the next few days, and will require users to input their password along with a secondary code sent to a mobile device.

This can be an automated phone call or text message, or can be generated by an application on Android, BlackBerry and iPhone devices.

Nishit Shah, a product manager in Google's security division, said in a blog post that the process is an important step in improving security.

"Most of us are used to entrusting our information to a password, but we know that some of you are looking for something stronger," he said.

"It's an extra step, but one that significantly improves the security of your Google Account because it requires the powerful combination of something you know, your username and password, and something that only you should have - your phone."

Shah explained that it takes around 15 minutes to set up the process using a wizard, and that the verification codes are valid for a maximum of 30 days.

Two-factor authentication is becoming increasingly common in attempts to stop phishing attacks, and is widely used in the banking sector when customers log-in to online accounts.

HM Revenue & Customs warned taxpayers earlier this month about a new round of phishing emails designed to harvest bank account details, and security firm Sophos reported a rise in phishing attacks in the past year.

View: Original Article