Google’s found another way to make its customers a little more secure.
On Thursday (Feb. 10), the company said it would make two-step logins available to all holders of Google accounts, whether for Gmail, Picasa, Blogger or YouTube. (Business customers got the feature last year.)
Basically, the new feature involves logging in using your regular username and password, and then coming to a second authorization page that asks you to input a one-time five- to eight-digit numeric code.
That code comes to you from your mobile phone. Up-to-date Android phones, BlackBerrys and Apple iOS devices (iPhones, iPads and iPod Touches) can generate the codes themselves using the Google Authenticator App. Other phones will get the codes from Google via text message or automated voicemail message.
Google said all users would get the option " over the next few days."
The new feature couldn’t be more timely. A guessed or stolen Google password is the golden ticket for cybercriminals — it opens up an individual’s e-mail, office, calendar, photo-sharing, blogging, chat and video-sharing accounts.
The two-step login is also a clever and cheap imitation of the RSA key system used by many large companies, in which a six-digit code generated by a key-fob security token must be used to remotely log into a corporate network.
Most RSA codes expire after one minute; the Google one dies after six.
Complications can arise with mobile and third-party apps that access Google accounts, such as desktop e-mail clients or Gmail clients for smartphones. In those cases, Google lets you generate a 16-character alphanumeric password that will give the app permanent access to the account.
The two-step login feature is optional but relatively easy to set up. The only catch is that you need two phone numbers: one to be the primary contact, the other a backup in case the first phone is lost, stolen or otherwise incapacitated.
Trendsetters who ditched their landlines may be out in the cold if they have only one phone number. In those cases, Google recommends using an office phone or friend’s mobile as the backup.