Recognizing that login security is key, Google has just added an additional layer of opt-in security for its account holders. It instantly doubles the protection and does so by exploiting the codes sent to your cell phone.
We’ve all lost a login code at some point, and we’re all more or less guilty of using weak passwords to secure our valuable online data or using too many passwords across multiple sites. Chances are we’ve also fallen for a couple of login phishing scams, including the classic ‘mugged in London’ scam that regularly catches people – this is one of the Google references in its blog post on the new connection protocol. To avoid such a systemic password weakness, Google has now added an extra layer of login security: if you sign up, you will need to respond with two secure pieces of data.
The trick is to use the traditional and familiar password system and add a second lock that requires a unique ID code. Once you’ve signed up, the system is pretty straightforward: you go to Google, hit ‘sign in’, enter your password and hit a button to get an SMS code containing a one-time sign-in code for the second step , or “generate the code yourself using a mobile app on your Android, BlackBerry, or iPhone device.”
This suggests that Google takes the feature seriously enough – a good deal of the infrastructure has been put in place to make it work. It also implements it smartly so as not to annoy users: you have to choose to use it, you can select a 30 day persistent connection for your own computers (where security is perhaps less risky) and you can turn it off. for specific applications that do not yet support the protocol, but allow a traditional Google password login.
But it’s welcome and sensible: Google notes that while this is “an extra step”, it definitely improves security because it “requires the powerful combination of the two something you know– your username and password – and something that only you should have-your phone. A hacker would need access to both of these factors to gain access.
It’s also possible to read the move as the first sign of an upcoming overhaul of digital connection security that will see smartphones increasingly used as RFID wireless connection devices, and possibly require biometric tricks like write your signature with the corner of your smartphone (with the accelerometers detecting the particular style of writing that only you can have).
For more news like this, follow Fast Company on Twitter: Click here.