In February, Google announced a new security protocol for Google accounts holders by the way of “2-step verification.” Essentially, 2-step verification is a layer of protection outside of the normal password layer of protection between the wild Web and your data, such as Gmail. The ingenuity of 2-step verification is that it effectively decreases automated password breaking attacks from the Internet.
Google announced today that this extra net of protection will be available to the rest of the world as 2-step verification is being released in 40 languages across the globe. This has a potential to be a boon for the security industry and Google account holders across the world that are perpetually under attack from malware and phishing attacks attempting to access sensitive information.
It is very difficult to hack Google. The search giant sees advanced persistent threats (APTs) every hour of every day. Those hacks come from major botnets or even (allegedly), foreign governments like China. Yet, news that a real breach has happened through Google Apps or Gmail is rare.
Yet, that it just Google and its data centers. Individual users are more susceptible to phishing and malware attacks, especially as they become more targeted. That is where 2-step verification is a critical layer to protect sensitive information. Think about the attack on Booz Allen Hamilton that leaked 90,000 Department of Defense oriented emails several weeks ago by Anonymous. The hactivist group bragged that it was easy to crack Booz Allen Hamilton, apparently through one particular unprotected server. Once they were in, they could not be stopped. The server was dumped and Anonymous had all the information it needed to make Booz Allen Hamilton look extremely foolish.
Likely, this would not have happened if Booz Allen Hamilton had the type of protection that is provided by the major public cloud operators like Google or even Microsoft’s Azure. Yet, the private cloud or data center that Booz Allen Hamilton used was not sufficient to keep the hackers out.
While Google’s 2-step verification initiative is an interesting function in how it protects Google accounts, it should be looked towards as a guideline to be built upon, especially when adding security in the enterprise or a government agency. Making security layered and universal between the public and enterprise is the first step to eliminating the botnets that cause so much headache on the Internet. Rolling out 2-step verification to 40 languages should only be a step to making it a global standard across the globe.