If you logged into your Google account today, you may have noticed a newer, safer Google. That, at least, is what the search engine hoped you saw, with the launch of its new, secured login for Gmail and other Google services. Is the new service worth the extra steps? We take a closer look…
What Google has termed the “2-step verification” login now requires users to enter not just their password but also a separate code sent to their mobile device before they can gain access to products like Gmail or Google Docs.
The process is relatively simple, but worthwhile: users who opt-in to the new feature will now need their username, password, and a unique code to login to Google. That code is constantly changing, which means that even if someone gets your username and password and your security code from half an hour ago, they won’t have enough information to access your account.
“There are plenty of examples (like the classic ‘Mugged in London’ scam) that demonstrate why it’s important to take steps to help secure your activities online,” Nishit Shah, product manager for Google Security, wrote in a blog post. “Your Gmail account, your photos, your private documents – if you reuse the same password on multiple sites and one of those sites gets hacked, or your password is conned out of you directly through a phishing scam, it can be used to access some of your most closely-held information.
Setting up two-step verification will take just 15 minutes, the company has promised.
In the coming days, Google will release a new option on the Account Settings page that says “Using 2-step verification” under “Security.” A wizard will guide users through the set-up process, including the addition of a backup phone and codes.
Once the set-up is complete, users will enter their passwords as normal when signing into Google. But before providing access to your account, Google will either call or text with another code, or let you create one via an Android, BlackBerry, or iPhone app. Enter that code, and you’re in.
The passcode is either required for every login or once every 30 days, depending on the settings you choose. Google also asks for a second phone number, as back up should the user lose their mobile device. You can also set up app-specific passwords for when you sign into Google on a non-browser app that can’t prompt for a code.
The process may look familiar to mobile Google users. The 2-step verification has been available for Google Apps customers since September, ahead of its release to all users this week.
Google undoubtedly hopes this feature will add an extra layer of security while, at the same time, keeping at bay a skeptic band of consumers and lawmakers up-at-arms against any and all threats to online privacy.
Releasing an extra layer of authentication related to mobile devices also comes at a strategic time for Google. Android is generating upwards of 300,000 new accounts per day, while the company is also expanding other mobile features like Google Checkout payment service.
Just this month, security firm McAfee released data showing that malware attacks on smart phones and other mobile devices connected rose by 46 percent in 2010, and is expected to surge even further this year.
With that in mind, this definitely seems like a smart, optional way to protect your privacy.
Tell us what you think. Will you ‘opt-in’ to the new Google login?