Aware that login security is a hot-ticket item, Google’s just added an extra layer of opt-in security for its account holders. It instantly doubles the protection, and does so by leveraging codes sent to your cell phone.
We’ve all lost a login code at some point, and we’re all also more or less guilty of using weak passwords to secure our valuable online data or over-using passwords on multiple sites. Odds are that we’ve also fallen for a login phishing scam or two, including the classic “mugged in London” scam that regularly catches people out–it’s one Google references in its blog posting about the new login protocol. To obviate such systemic password weakness, Google’s now added an additional layer of login security: If you opt-in you’ll have to answer with two pieces of secure data.
The trick is to use the traditional, and familiar, password system, and add in a second lock that requires a unique ID code. Once you’ve signed up, the system is pretty easy: You go to Google, tap “login,” enter your password, and either press a button to get an SMS code containing a unique second-step login code sent to you, or “generate the code for yourself using a mobile application on your Android, BlackBerry or iPhone device.”
This hints that Google’s taking the feature pretty seriously–a good deal of infrastructure has been put in place to make it work. It’s also implementing it smartly so as not to inconvenience users: You have to opt-in to use it, you can select a 30-day persistent login for your own computers (where security is perhaps less of a risk) and you can disable it for specific apps which don’t support the protocol yet, but do allow a traditional Google password login.
But it’s welcome, and sensible: Google notes that though it’s “an extra step,” it definitely improves securoty because it “requires the powerful combination of both something you know–your username and password–and something that only you should have–your phone. A hacker would need access to both of these factors to gain access.”
It’s also possible to read this move as the first sign in a coming overhaul of digital login security that will see smartphones increasingly used as RFID wireless login devices, and possibly require biometric tricks like writing your signature with the corner of your smartphone (with the phone’s accelerometers detecting the particular writing style that only you can have).
To read more news like this, follow Fast Company on Twitter: Click here.