Google today announced 2-step verification for account holders. The new security feature is rolling out gradually; I haven't received the update and so couldn't test the new feature. I like the concept but wonder how many people will bother to set it up or will cringe at the steps required to use it.
Like so many other cloud services, Google requires a username and password to login @gmail.com. The new mechanism adds a verification code received by cell phone. Additionally, there are 16-digit app-specific codes for e-mail clients and other applications. The extra layer of security is compelling, but is in some ways daunting.
In a blog post, Nishit Shah, Google security product manager, said 2-step verification could take as long as 15 minutes to set up. "Once you enable 2-step verification, you'll see an extra page that prompts you for a code when you sign in to your account. After entering your password, Google will call you with the code, send you an SMS message or give you the choice to generate the code for yourself using a mobile application on your Android, BlackBerry or iPhone device. The choice is up to you. When you enter this code after correctly submitting your password we'll have a pretty good idea that the person signing in is actually you."