Google Apps Improves Its SecurityBy: Sean Patterson - June 19, 2012
Google announced today that it has implemented two new security features into Google Apps. One enables tighter password verification for businesses, and the other enhances Microsoft Active Directory integration. The announcement came from Rishi Dhand, product manager for Google Apps, in a blog post over at the Official Google Enterprise Blog.
The first security upgrade for Google Apps users is an option to require all users in a domain to use 2-step password verification. Though 2-step verification has been available as an option for individuals using Google Apps, the option to require it allows companies to increase their password security as a whole. From Dhand’s blog post:
Since we launched 2-step verification, we’ve seen millions of users enable it and thousands more do so every day. 2-step verification requires two means of identification to sign in to a Google Apps account: something you know (a password) and something you have (a verification code from your mobile phone). Even if someone has stolen your password, they’ll need more than that to access your account. This additional layer of security greatly reduces the chance of unauthorized access via account hijacking or other means.
The second security upgrade is a password sync feature for Google Apps businesses that use Microsoft Active Directory. Those businesses can now manage their passwords using Active Directory, and then sync the passwords with Google Apps when they are changed. Dhand stated that the passwords would be transmitted both hashed and encrypted during synchronization.
These announcements come at a time when password security is certainly on the minds of companies. Two weeks ago over 6.4 million LinkedIn member passwords were leaked to a hash-cracking website and decoded. Passwords from eHarmony members and Last.fm members were also part of the leak. Though the companies have resolved the situation adequately, the ordeal still shined a spotlight on the need for web services to use enhanced password security.