In the first of these two posts on Google’s two-factor authentication I discussed Google’s authentication push and how this is a good step forward for spreading strong authentication. Here I explain how this can be extended to the workplace and our online bank accounts.
If the goal of strong authentication is protecting critical information resources, then there are other items you should consider including ‘how do I communicate data securely?’ and ‘how do I verify this document/presentation/spreadsheet is from me?’. This is where a certificate-based identity system can significantly help with securing data. This form of strong authentication can be used in conjunction with a Microsoft OS and Server to enable encrypted email and digital signature. These functions provide a solution for ensuring the right people gain access to the data that is being communicated between trusted parties.
But OTP is still a good option to help increase security, especially when you consider how remote working continues to grow, requiring workers to gain access to data from outside the corporate network. As we discussed back in August, now that we are able to access our accounts using so many different devices, no matter where we are, the need for tighter security has risen accordingly. Google’s looks a decent model for simple yet strong authentication for those working on the move.
Secondly, consumers accessing their bank accounts understandably demand strong authentication (there is no more sensitive a topic than your cash, is there?), an issue that was briefly addressed by the FFIEC guidelines this summer. Banks are increasingly rolling out multi-factor authentication for their customers, but the challenge for them is to do so without compromising convenience. Two-factor authentication on Google looks simple and convenient, and will help raise awareness amongst its 100 million + user base of the need for stronger authentication.
Many of you will have seen Google’s recent promotional campaign looking at simple ways to improve your password security and I am happy to see such a large company pushing for greater security and awareness amongst its users. We have previously debated the death of the password on this blog, which still seems a way off for now, but with others joining in the push to offer innovative ways of protecting its users and their data, we can continue to move toward ubiquitous strong authentication and in effect close the net on online fraudsters.