Two-factor authentication in Google

Google two-factor authentication for SMS shows advanced authentication is coming of age, says Dave Abraham

Google is now providing free mobile phone two-factor authentication (2FA) for Google Apps. This demonstrates to the market that 2FA is the right level of security to have for the growing number of cloud-based applications.

When organisations take all their cloud applications from Google, this Google offering could be seen as a threat to third-party 2FA vendors and their channel partners.

As long as the customer is happy with just using SMS passcodes, they will tend to take Google’s free authentication bundle. Companies that only offer 2FA authentication via SMS or software tokens on mobiles may lose out.

Yet organisations that go down the cloud route will buy a variety of hosted services from different service providers.

Rather than having lots of passwords to remember, they will need to maintain their mobile phone number with many providers. That may work most of the time but if they lose their phone or change their number it can be a real hassle. Also, many companies want some users to be able to have tokens or other forms of 2FA.

It is simpler and more cost-effective to provide frequent users with a physical token. The continued strength of the token market is testament to this.

There is also standards-based, hosted 2FA.

Dave Abraham is chief executive officer at Signify