This Is Google's Plan To Make Sure Your Gmail Account Doesn't Get Hacked
The company is reportedly planning to roll out a new system that requires users to verify their identity through a text message if suspicious activity is detected, according to a post on the company's security blog spotted by CNET.
This two-factor authentication process will only apply to those logging into Google's web apps, the report says.
This feature is currently optional for all Google users, but the company may soon make it a mandatory step when logging into your account if suspicious activity is detected.
Google hasn't mentioned what criteria needs to be met in order to trigger this feature, called the Login Challenge, but simply states that it will kick in if "the user [is] not following the sign in patterns that they have shown in the past." We can imagine this would include logging in from an abnormal location, such as a country different from your homeland.
Two-factor authentication, as its name implies, involves two steps. After entering your email address and password, Google will ask you to enter an authentication code. This code is sent to whichever phone number you entered when you created your Google account.
The stricter authentication process comes in the wake of one of the biggest vulnerabilities to hit the web-the Heartbleed bug. The flaw was discovered in April and affects OpenSSL, a common encryption protocol used across the web.
Users have since been encouraged to change their important account passwords since the Heartbleed bug is capable of tricking servers into spitting out personal information stored in their memory.
According to CNET, Google plans to slowly introduce this system to all domains over the next coming weeks. It also seems as if this feature will only apply to Google Apps for Business, which costs $50 per year.