Monday, September 20, 2010

Google's China lesson

After being hacked last year by Chinese either students or government agents or both, Google decided to add a new security token to the good old password system:

Google is making it harder for Gmail and other Google Apps accounts to get compromised by adding an optional feature that will send a security code to your smartphone for logging in.

The two-step verification feature will put an additional roadblock in the way of online criminals by generating a onetime six-digit code that will be sent to the account holder in order to be able to successfully log in. The code will be sent after the password is provided.

This looks like a good protection for a system where users don't bother creating strong passwords. Criminals capable of hacking into a password database can probably defeat it by changing the address of a smartphone associated with the account which requires additional authentication. Also, imagine a nightmare of replacing your old phone and being stuck with the task to update all "clouds" with your new phone info. Nevertheless, it's a step in the right direction because even the smartest system can be compromised by dumb users.

I wish a similar system were introduced for accessing our personal information by third parties, enabling us authorize the access or at least track it.

tags: information, security, google, communication, problem, solution

No comments: