Google Apps Boosts Security with Two-Factor Authentication

Google has added two-factor authentication for Google Apps, allowing admins to require user passwords and additional verification from a user's mobile phone. Google Apps also notched its 3 millionth business customer.

Google Sept. 20 said it has added two-factor authentication for Google Apps, a move that should make the cloud collaboration software more palatable for enterprises requiring greater security.

Two-factor verification is a boon at a time when passwords are often the weak link in the security fence software makers put up around their applications. People use the same passwords across too many Websites or get tricked into revealing them to those with malicious intent.

When administrators of Google Apps Premier, Education and Government editions enable the technology from their control panel, users must sign in to their Apps account with the usual password and a mobile phone.

Upon entering a password, a verification code is sent to a users' mobile phone via SMS, voice calls, or generated on an application they can install on their Google Android, RIM BlackBerry or Apple iPhone handset.

"This makes it much more likely that you're the only one accessing your data: even if someone has stolen your password, they'll need more than that to access your account," explained Eran Feigenbaum, director of security for Google Apps, in a blog post.

Users may can also signal that they don't want to be asked for a verification code from specific computers in the future.

Admins can access it from the English version of the Admin Control Panel now.

While available only for paid Google Apps users today, Google will offer the same two-factor authentication to the "hundreds of millions" of Google Apps Standard Edition users in the coming months. end users can set it up in the Accounts tab in Gmail settings.

Google has been taking a number of steps to enhance Google Apps security to lure new business customers from Microsoft, IBM and Novell collaboration suites.

For example, the company in July attained FISMA, or Federal Information Security Management Act certification and accreditation from the U.S. government's General Services Administration.

Google also added HTTPS encryption and the ability to set minimum password length requirements for Google Apps.

Google's security move, announced at the Google Atmosphere cloud computing event in Paris today, comes as the company has just notched its 3 millionth business customer. Google reached the two million business plateau last October.