Google on Monday added two-factor authentication capabilities to Google Apps, a move that gives enterprises a second line of defense for users trying to access Google Apps cloud-based offerings.
The new cloud security option, Google said, gives users a one-time security code that is delivered via a mobile device. That code is used in addition to the usual password as another layer of security, Google said, by using a second means verifying a users' identity.
"Until today, organizations looking to secure their information beyond a password have faced costs and complexities that prevented many of them from using stronger security technologies," Eran Feigenbaum, Google Apps director of security, wrote in a blog post on the Google Enterprise Blog. "Today we are changing that with the introduction of a more secure sign-in capability for Google Apps accounts that significantly increases the security of the cloud: Two-step verification."
Feigenbaum said the two-factor authentication offering is free and Google will soon offer it to individual Google Apps users as well.
According to Google, when two-step verification is set up by an administrator or a partner, it requires two means of identification for a user to sign into a Google Apps cloud account. First, a user is required to enter their password. Second, they'll require a mobile phone. When a user enters their password, a verification code is sent to the mobile device via an SMS message, a voice call or generated on an application that users install on their Google Android, BlackBerry or Apple iPhone.
"This makes it much more likely that you're the only one accessing your data: even if someone has stolen your password, they'll need more than that to access your account," Feigenbaum wrote. "You can also indicate when you're using a computer you trust and don't want to be asked for a verification code from that machine in the future."
Google said it is opening the source code for its mobile authentication app so enterprises and partners can customize it to change the interface or add their own branding. Feigenbaum added Google Apps' two-factor authentication is built to allow future integration with other vendors' authentication tools.
Google Apps two-factor authentication is now available in Google Apps Premier, Education and Government Editions. Standard Edition customers will have access in the next few months, Google said.