Google introduces two-step authentication for Apps product

Google on Monday announced that it would offer a two-step security option to certain customers of its Google Apps product, aiming to offer its customers a low cost option for higher security. The new authentication system would combine the traditional password with a verification code sent to the user's mobile phone.

Initially the offering would be available to English users of its Premier, Education and Government editions, with Standard edition customers getting the feature in the coming months. Google wants to ensure they can scale the feature reliability before expanding it to the "hundreds of millions" using the free version.

To activate the feature, the Google Apps admin must set it up and enable it through the Control Panel. It would be offered at no additional charge.

"Until today, organizations looking to secure their information beyond a password have faced costs and complexities that prevented many of them from using stronger security technologies," Google Apps security chief Eran Feigenbaum said.

Two-step login is already popular among banking institutions as a way to authenticate users. The process is considered more secure as the user is required to enter two passwords in order to gain access to his or her account.

When activated, once the user enters his or her password, he or she must enter a verification code either sent via SMS text message or by voice call. Once authenticated, a user can also select to have that computer "trusted," meaning he or she would not need to enter the verification code on future logins.

An application for generating these verification codes can also be installed on Google Android, BlackBerry, and Apple iPhone devices.

"This makes it much more likely that you're the only one accessing your data: even if someone has stolen your password, they'll need more than that to access your account," Feigenbaum said.

Google's latest effort is part of a longer strategy to enhance the security of Google Apps overall. Last year, it gave the option for administrators to set minimum password length requirements and added functionality to view password strength, and provided HTTPS encryption later in the year.

Earlier this year, Google Apps was the first cloud service to gain US government security certification, which allowed it to be used in government agency IT deployments.