Two-Factor Authentication Goes Mainstream

Stop and think about what an attacker could do if they gained control of your e-mail account. Many web sites let you reset your password via an e-mailed link. Poorly designed services may even send a copy of the password to your inbox. Much of your personal information is likely reflected in conversations you’ve had via e-mail, and services such as Gmail can store copies of all your messages.

With all this in mind, protecting access to your e-mail has become an important priority. Using strong passwords is a great starting point, but that’s only one level of security. Many companies use another system, known as two-factor authentication, to protect sensitive data, but it hasn’t been widely deployed for consumer services.

Today, however, Google is making two-factor authentication available to users of Gmail – or any other service that involves a Google account. That means that instead of logging in by simply providing information you know (your password), you also have to prove you have something: your mobile phone. Whenever you login at a particular computer/browser for the first time, you’ll be prompted for a secondary code that’s either sent to you as a text message or generated with an app on your iPhone, Blackberry, or Android device. This gives you another layer of defense against phishers and hackers trying to access your inbox.

The new feature is not enabled by default, since it requires a phone and will likely be unfamiliar to most users. But you can enable it on your Google Accounts by visiting the Account Settings page and look for “Using 2-step verification” under Personal Settings. More information is available at the Google blog.