Gmail is introducing multi-factor authentication for Gmail accounts. The move will allow Gmail users to secure their accounts by allowing them to use their mobile phones to verify their identities. This is the same idea behind the security many banks employ and something I first saw at the RSA Security conference five years ago in San Francisco.
While passwords like 123456, pets’ names and kids’ names might satisfy some Gmail users, many have asked for something more. Once your mobile phone is enrolled, you’ll be asked to enter a special code in your browser or email client. Google will send these codes via SMS to your mobile.
The process isn’t as cumbersome as it sounds. Gmail will of request a code each time you attempt to login to Gmail from a new machine. You’ll have the option for Gmail to remember you for 30 days. If you’re using a public computer you of course don’t have to check that box.
While it might take a few minutes to setup and require a little more effort to login to your account, I highly recommend enabling the new security features. In order for a bad guy to gain control of your Gmail account, he’d have to know your email username, password and have physical possession of your phone. For many, Gmail is the hub of their online existence and this new feature turns it into a virtual fortress.
The feature will be rolled out to Gmail users over the next few days.