Back in February 2011, Google launched support for two-factor authentication, a login method that requires two independent elements in order to successfully access an account. The first element being a password, and the second element typically being something you “have” with you or have access to, such as an authentication code from a token or mobile phone. (RSA made two-factor authentication famous with its tokens that eventually became the subject of the major cyber attack in March 2011.)
While Google has supported what it calls “2-step verification” for both individual user accounts and enterprise Google Apps customers for some time, business had no way to force the use of the additional security measure for all users.
But starting this week, Google Apps administrators can require users in their domain to use 2-step verification. This new feature, Google says, will help its Google Apps customers accelerate deployment of the additional security measure.
In addition to allowing admins to force the use of two-factor authentication across an entire user base, Google released another feature that enhances integration with Microsoft Active Directory.
“For businesses that use Microsoft Active Directory (AD), we’ve added new capabilities to synchronize and manage passwords,” Rishi Dhand, Product Manager, Google Apps, noted in a blog post. “Businesses can manage password policies (e.g. password strength, reset intervals, etc.) using AD and then synchronize from AD to Google Apps when passwords are changed. Passwords are transmitted hashed and encrypted during synchronization.”
Information on how to configure the new 2-step verification policy in the Google Apps can be found here. center The Google Apps Password Sync for Active Directory (GAPS), can be downloaded here, and information on how to configure it can be found here.
These are the latest enhancements from Google to help increase security for its users. Earlier this month, Google said that it would start notifying users if it believed they are the target of a state-sponsored attack. Google has already had the alerts available that can notify users of malicious activity, especially attempts by unknown third parties to monitor users via unauthorized access.

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
More from Mike Lennon
- ‘No Evidence’ of Cyberattack Related to FAA Outage, White House Says
- SecurityWeek to Host 2022 ICS Cybersecurity Conference October 24-27 in Atlanta
- Google Completes $5.4 Billion Acquisition of Mandiant
- Cybersecurity Firm ZeroFox Begins Trading on Nasdaq via SPAC Deal
- HUMAN Security and PerimeterX Merge on Mission to Combat Bots
- Last Call: CFP for ICS Cybersecurity Conference Closes July 15th
- Johnson Controls Acquires Tempered Networks to Shield Buildings From Cyberattacks
- Snowflake Launches Cybersecurity Workload to Find Threats Across Massive Data Sets
Latest News
- Critical Vulnerability Impacts Over 120 Lexmark Printers
- BIND Updates Patch High-Severity, Remotely Exploitable DoS Flaws
- Industry Reactions to Hive Ransomware Takedown: Feedback Friday
- Microsoft Urges Customers to Patch Exchange Servers
- Iranian APT Leaks Data From Saudi Arabia Government Under New Persona
- US Reiterates $10 Million Reward Offer After Disruption of Hive Ransomware
- Cyberattacks Target Websites of German Airports, Admin
- US Infiltrates Big Ransomware Gang: ‘We Hacked the Hackers’
