For many of us, our Google accounts are the nexus of much of our online lives: email, documents, calendar, photos. So a security breach of your Google account (or of another account, should you reuse your username and password on multiple sites) can be a real disaster.
Google is announcing a new feature today to help address that, enhancing the verification for logging into your Google account for the one step now – username and password – to a new 2-step process.
The opt-in feature has been available for Google Apps customers for several months and now that same level of protection will be available to all users.
Google warns that it may take up to 15 minutes to go through the setup process for this, but honestly kids, it’s worth it.
The process requires two indepedent factors to authenticate your identity. In other words, when you log into your Google account, you’ll need the usual username and password, but then you’ll also need a second code in order to move forward – a process similar to the one that’s available on most banking websites.
This second code isn’t one that you’ll write down (and potentially lose) on scraps of papers or one that you’ll use again and again on multiple sites (decreasing its security). Rather, it is generated by Google, then sent as an SMS message to your phone or via an authentication app (available for Android, Blackberry or iPhone). This code will be generated for each log-in. And, in Google’s words, “when you enter this code after correctly submitting your password we’ll have a pretty good idea that the person signing in is actually you.”
You’ll have the option to have your computer remember this second verification step for 30 days, so you won’t need to re-enter that code every time you boot up your machine.
It may sound a tad cumbersome, but ask anyone who’s had their Gmail account hacked how annoying and awful that process was, and you’ll find Google’s new feature to be a positive not a pain.
The option will roll out to all users over the coming weeks.