The Trusted Insider

Google Two Factor Authentication against non-Google websites

The current state of web security is concerning: a large portion of the population still does not understand how much information is being shared across websites. Only so much trust can be placed in SSL and basic password authentication. This is where two-factor authentication comes in. It is certainly not a new concept; however, Google’s done a rather good job of simplifying the process and implementing it properly.



Step 00 - Navigate to https://plus.google.com/settings/
Step 01 - Select the edit button to the right of “Using 2-step verification”
Step 02 - Follow the onscreen instructions 



Google’s approach not only lets you implement two-factor soft token authentication via SMS or an application on your smartphone; it also allows the generation of application-specific passwords that can be used for third-party applications such as mail clients, RSS readers, and chat clients.

After having this enabled on several accounts, I started thinking: now wouldn’t it be nice to be able to authenticate via your Google credentials or even generate website-specific passwords instead of the normal application-specific passwords? Some might say that this sounds a little too much like OpenID. While that may be true, if Google is attempting to centralize your online experience it would make sense for them to roll out a feature much like this to allow for a much easier and safer browsing experience for the general public.

Bear in mind that this is not the end-all-be-all of security; it is merely another layer that can be added onto existing services with little pain until more advanced security protocols and authentication methods are developed for public use.