Google is putting its “2-Step Verification” (2SV) into the hands of end users.
2SV is very similar in concept to the kind of two-factor authentication (2FA) security for which groups like the FIDO Alliance have been advocating. For administrators implementing it—in the workplace, for example—it can add an extra layer of security to employees’ login process by requiring end users to tap a security key, or entering one-time passwords sent to their smartphones, or simply confirming their location via a mobile prompt. Now, Google is letting those end users enable such security themselves with new options via their account settings.
It’s another instance of the rising awareness in IT of the importance of multi-factor authentication, and it’s no surprise to find it coming from Google. The company’s Google Authenticator offers a relatively simple second authentication factor for other organizations to take advantage of, and it has also announced plans to comprehensively move beyond password-based security on its Android devices by the end of this year. To that end, it’s developing a sophisticated multi-factor authentication system that will use a combination of metadata, behavioral analytics, and biometrics, which could hint at future advances in its other security mechanisms such as 2SV.
Source: Google Apps Updates blog