If a suspicious login attempt is detected, users will need the code sent by Google
Google is reportedly working to block unauthorized use of the Google Apps and plans to impose a new requirement to verify user identity. More specifically, the company is apparently looking to verify users with a text message if a suspicious login attempt is detected.CNET reports that the mechanism is supposed to apply to web logins. It is basically a form of dual-factor authentication that would help increase account security.
Such measures are far from being a novelty. In fact, sites such as Google, Yahoo, Microsoft, Twitter, Facebook and more commonly provide users with the option to enable dual-factor authentication. This can be done through a password or code sent through a text message or by generating it with a smartphone app, such as the Google Authenticator that can be associated with a number of accounts.
However, up until now and under normal circumstances, users were supposed to sign up for it. What Google wants to do now is force it on anyone if someone suspicious tries to access the account. As a general rule, Google would take into consideration the geographical position of the user, the IP address and other such data. If the account hasn’t been accessed from that particular location or computer before, it can trigger the alarm and require the user to provide a code to verify the identity.
“When a suspicious login is detected, we send a challenge to the user such as an SMS with a verification code to the user's phone and ask them to enter this code before we grant access to their account. This drastically reduces the chances of an unauthorized user accessing the account because the attacker would have to get a hold of the user's phone as well as the username and password,” Google said regarding the procedure.
The added layer of security is particularly important since Google Apps is a paid service that provides organizations with access to a series of services, including Gmail, Google Docs, Slides, Sheets and Calendar.
The company is basically trying to secure these services from prying eyes such as those pertaining to government spies and hackers.
Over the coming weeks, this new feature will be rolled out to all users. Those who have kept their phone numbers a secret from Google will be prompted to share them if the company detects a suspicious login attempt.
Furthermore, the alternative option for those who can’t use the text message authentication for whatever reason is to offer a “fallback challenge” and the administrators can temporarily disable the login challenge for 10 minutes.