Google Apps Gets Two-Factor Security 118
judgecorp writes "Passwords alone are not enough to secure access. Many organisations require two-factor authentication with a token. Google just added free two-factor verification to Google Apps, sending a one-off token to the user's mobile phone. It's good to have this for free, and it backs up Google's assertion that cloud apps are more secure — but it doesn't answer how it helps if an intruder is getting into Apps through a lost or stolen phone."
Mobile security (Score:5, Interesting)
I'm worried because in all the years I've had a Google mail account I haven't had any issues, yet a month after getting an Android 2.1 phone, despite being really careful about only installing high rated applications with tens of thousands of users and mostly keeping an eye on what they're allowed to access, my gmail account was hacked and used to send out a spam email via a mobile device in canada.
I've never had an email account hacked before, so I'm pretty convinced that some phone app has leaked my account details (as it's the gmail account tethered to my phone).
Admittedly Google immediately suspended my account due to suspicious activity (access from Mobile Canada (71.17.214.49), I live in the UK), and a token to my mobile phone was how I unlocked it and changed my password, but I'm still rather wary now despite how much I love my Galaxy S mobile.
I have bought apps I don't want to lose wiping the phone, and I have no real way to tell what it may have been that leaked my data.
I have droidsecurity antivirus installed now, but wish google could offer some stronger post-install controls on what an app's allowed to do.
Re:Mobile security (Score:3, Interesting)
About the only thing is, that might piss off a few developers because ad-blocking becomes rather easy, but I'm sure they will find a way to have it use the internet in a non-annoying way...
Re:Silly nerds... (Score:3, Interesting)
Re:Mobile security (Score:4, Interesting)
I've never had an email account hacked before, so I'm pretty convinced that some phone app has leaked my account details (as it's the gmail account tethered to my phone).
Did you inadvertently reuse your email password somewhere else?
My wife had her GMail account compromised by a Nigerian IP address. I'm pretty sure it's because she used her email address and password to create a userID at a site publishing historical immigration records.
She's not reusing passwords anymore.
Re:Cloud apps more secure? (Score:3, Interesting)
I know where the employees who work for me live. I know what car they drive. I know where they like to go to lunch. I have their social security number and a copy of their driver's license.
I also know a guy named Tony. Tony likes to break things. And ever since some pencil-neck computer nerd posted pictures of Tony's girlfriend on-line, Tony really likes to break computer nerds.
With Google, these things are much less transparent.
Re:Cloud apps more secure? (Score:3, Interesting)
If you look at a cloud provider like Google, there are two paying customers: Enterprises and businesses, and advertisers. So, on one hand, the cloud provider needs to protect data for people paying for their apps. On the other hand, they need to cough up data so the advertisers keep paying.
This bifurcation is why I prefer using E-mail providers whose sole revenue stream is customers. This way, advertisers have no vested interested in what data sits on the servers. Hosted Exchange providers come to mind here, same with me.com.
Re:Mobile security (Score:2, Interesting)