Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Identity & Access

Google Lets Admins Force Two-Factor Authentication, Enhances Active Directory Support

Back in February 2011, Google launched support for two-factor authentication, a login method that requires two independent elements in order to successfully access an account. The first element being a password, and the second element typically being something you “have” with you or have access to, such as an authentication code from a token or mobile phone.

Back in February 2011, Google launched support for two-factor authentication, a login method that requires two independent elements in order to successfully access an account. The first element being a password, and the second element typically being something you “have” with you or have access to, such as an authentication code from a token or mobile phone. (RSA made two-factor authentication famous with its tokens that eventually became the subject of the major cyber attack in March 2011.)

While Google has supported what it calls “2-step verification” for both individual user accounts and enterprise Google Apps customers for some time, business had no way to force the use of the additional security measure for all users.

But starting this week, Google Apps administrators can require users in their domain to use 2-step verification. This new feature, Google says, will help its Google Apps customers accelerate deployment of the additional security measure.

In addition to allowing admins to force the use of two-factor authentication across an entire user base, Google released another feature that enhances integration with Microsoft Active Directory.

“For businesses that use Microsoft Active Directory (AD), we’ve added new capabilities to synchronize and manage passwords,” Rishi Dhand, Product Manager, Google Apps, noted in a blog post. “Businesses can manage password policies (e.g. password strength, reset intervals, etc.) using AD and then synchronize from AD to Google Apps when passwords are changed. Passwords are transmitted hashed and encrypted during synchronization.”

Information on how to configure the new 2-step verification policy in the Google Apps can be found here. center The Google Apps Password Sync for Active Directory (GAPS), can be downloaded here, and information on how to configure it can be found here.

These are the latest enhancements from Google to help increase security for its users. Earlier this month, Google said that it would start notifying users if it believed they are the target of a state-sponsored attack. Google has already had the alerts available that can notify users of malicious activity, especially attempts by unknown third parties to monitor users via unauthorized access.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Expert Insights

Related Content

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Identity & Access

Strata Identity has raised $26 million in a Series B funding round led by Telstra Ventures, with additional investment from Forgepoint Capital, Innovating Capital,...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Google’s Threat Analysis Group (TAG) has shared technical details on an Internet Explorer zero-day vulnerability exploited in attacks by North Korean hacking group APT37.

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Software maker Adobe on Tuesday released security patches for 29 documented vulnerabilities across multiple enterprise-facing products and warned that hackers could exploit these bugs...