Note: my mother's password was recently obtained for her Gmail account, and then a malicious email was sent to all her contacts. See my next blog on this subject as well. In particular, if this recent hack of connectplatform was able to obtain your BIA password, this could lead to future problems.
Monday, September 20, 2010 2:14 AM
Posted by Travis McCoy, Product Manager, Google Security Team
Entering your username and password on a standard website gives you access to everything from your email and bank accounts to your favorite social networking site. Your passwords possess a lot of power, so it's critical to keep them from falling into the wrong hands. Unfortunately, we often find that passwords are the weakest link in the security chain. Keeping track of many passwords is a pain, and unfortunately accounts are regularly compromised when passwords are too weak, are reused across websites, or when people are tricked into sharing their password with someone untrustworthy. These are difficult industry problems to solve, and when re-thinking the traditional username/password design, we wanted to do more.
As we explained today on our Google Enterprise Blog, we've developed an option to add two-step verification to Google Apps accounts. When signing in, Google will send a verification code to your phone, or let you generate one yourself using an application on your Android, BlackBerry or iPhone device. Entering this code, in addition to a normal password, gives us a strong indication that the person signing in is actually you. This new feature significantly improves the security of your Google Account, as it requires not only something you know: your username and password, but also something that only you should have: your phone. Even if someone has stolen your password, they'll need more than that to access your account.
Posted By: Adam Fate
Tuesday, October 26th 2010 at 11:12AM