Posts Tagged ‘passwords’
Google beefs up Apps security to win cloud customers
In any conversation about how applications and data are moving online, to come up. That’s definitely something as its tries to sell Google Apps, its bundle of work tools like Gmail and Google Docs, to businesses and other organizations. Today, it’s taking big step to reduce the risk.
Product manager Travis McCoy said Google Apps’ main security issue is the same one facing many other websites. It’s only protected by a username and a password, a combination that can be vulnerable, for example if you use the same password across multiple sites or if you’ve written it down somewhere.
To tighten security, Google is adopting an approach that’s similar to one used by some larger companies — adding an extra password, one that’s randomly generated and changes over time. Traditionally, the password is delivered using an extra device, like a smartcard that employees carry around. The extra device makes these programs more expensive, and can be a pain for employees if they forget where they put it.
Google simplifies the process by delivering the password to a device employees are already carrying around, namely their phone. Users can sign up to receive the passwords via SMS text message or through an application they install on their Android, BlackBerry, or iPhone device. So even if someone manages to steal or guess your password, they won’t be able to get into your account unless they’ve stolen your phone too. And if you’re accessing Google Apps from a computer that you believe is completely safe, you can tell Google to remember your verification, so you only have to enter an extra password once every 30 days.
The new feature goes live today for Premier, Education, and Government Google Apps accounts. Like I said above, it should help win businesses over if they were worried about security risks. (Remember that last year after getting access to an employee’s Google Apps account, though , “This attack had nothing to do with any vulnerability in Google Apps which we continue to use.”)
McCoy said the bigger goal is to move websites towards this new, stronger model of security: “It’s the [old] model itself that’s broken.” So Google will eventually make this feature available to consumer users of apps like Gmail, as well as to businesses with the free Standard Edition of Google Apps. It’s also making the code for the mobile apps available via open source, so that other online services can follow its lead.
Companies:
People:
Discovered a Fake Facebook
PandaLabs has detected a spoof page of Facebook designed to steal passwords from users of social networks. The content and the URL of the web page are identical to the actual page content service so it is very easy to convince a user to enter their name and password. After entering the password an error page which should alert and warn the user that he is on a specially crafted website. For reference you can see the image of this error:
Any data entered on this page fall into the hands of hackers.