W3C home > Mailing lists > Public > public-xg-webid@w3.org > February 2011

Google's New two-legged AuthN

From: <jeff@sayremedia.com>
Date: Thu, 10 Feb 2011 16:58:04 -0800
Message-ID: <1940300ecd0eaa041cdf41483bb3c113.squirrel@webmail.sayremedia.com>
To: "WebID XG" <public-xg-webid@w3.org>
This has been making the rounds around Twitter, but I thought I should
post it here just so we keep it in mind. On Google's official blog, they
posted this today:

<a
href="http://googleblog.blogspot.com/2011/02/advanced-sign-in-security-for-your.html
">Advanced sign-in security for your Google account</a>

Basically, Google is offering its account holders the option of adding
another verification step when authenticating a session. Here's the gist
of their new technique:

"Once you enable 2-step verification, you'll see an extra page that
prompts you for a code when you sign in to your account. After entering
your password, Google will call you with the code, send you an SMS message
or give you the choice to generate the code for yourself using a mobile
application on your Android, BlackBerry or iPhone device. The choice is up
to you. When you enter this code after correctly submitting your password
we'll have a pretty good idea that the person signing in is actually you."

This is an example where the use of WebID authentication would be
superior--both from the users' and Google's standpoint.

Jeff

http://jeffsayre.com/
Received on Friday, 11 February 2011 00:58:39 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:06:22 UTC