Google Plans Two-Factor Authentication for Everyone

In addition to announcing that two-factor authentication is available for Google Apps, the search giant revealed its plans to extend the technology to all Google accounts in the upcoming months.

Two-factor authentication is the practice of using two independent methods to verify a user's identity before granting them access to sensitive data.

Such technology usually combines the traditional username and passwords with unique codes generated on request.

Many banks already provide their customers with devices that generate One Time Passwords (OTPs) necessary for accessing their online banking systems.

Google's version of this technology is called "two-step verification" and involves providing users with an unique code via SMS or a voice call to a phone number associated with their account.

The code can also be generated by special mobile applications, which the company has developed for the iPhone, BlackBerry and Android operating systems.

It's also worth noting that once a code has been used to log in from a computer, that machine can be exempted from this form of verification in the future.

This allows for a hassle free sign in process on trusted computers, while still making it impossible for hackers to access the account from another location, even if they have the password.

For now, the option will only appear on English dashboards of Premier, Education and Government Google Apps editions.

However, the company announced on its official enterprise blog that "In the coming months, we’ll also be offering this same security to our hundreds of millions of individual Google users."

Google's decision to make two-factor authentication widely available is a huge security improvement and could encourage the adoption of similar technology by other public services.

Last year a French hacker gained access to Twitter's corporate Google Apps account after compromising the email of an employee, and leaked hundreds of confidential documents onto the Internet.

If this new "two-step verification" feature would have been available at the time, the highly embarrassing incident could have been prevented.