Google Inc. began rolling out a new security feature on Monday to provide more security for Gmail users. Account holders will be asked to enter a six digit code sent to their phones when they log in the first time from an unknown computer. This feature offers an additional layer of security and will make it harder for hackers to use brute force methods or social engineering to guess a user’s password. It will not, however, prevent a wife or husband from gaining access to their partner’s account if they have access to their mobile phones.
This move follows a similar security feature introduced by Facebook several weeks ago that ask users to authenticate an unknown computer using a combination of quizzes followed by a text message to a mobile phone if Facebook detects an unknown IP or computer by checking session cookies.
The China connection
Gmail security has been a concern of Google since the well reported hacking of dozens of personal and corporate Gmail accounts earlier this year. In the official Google blog, Google wrote “We have already used information gained from this attack to make infrastructure and architectural improvements that enhance security for Google and for our users.”
That incident lead Google to pull out of China and close their China office. Google also redirected traffic from Google.cn to Google.com.hk which effectively bypassed China’s filtering requirements. In June, Google announced a compromised solutionwhich allowed them to continue operating in China.
Staggered roll out
The new security feature will roll out slowly starting with corporate and educational Google app users. Eventually, the new feature may be introduced to mainstream Gmail users who number around 185 million. Google will also introduce apps for the iPhone and Blackberry to make it easier to authenticate.
San Francisco based Twitter also announced on September 19th that all 250,000 applications using the Twitter api will be required to use “OAuth” to access Twitter accounts. The feature allows Twitter users to authenticate third party applications without giving those applications their passwords directly.
Despite all these new security features, users must still stay vigilant in protecting their passwords and online security.