Google Introduces Two-step Verification Process

Feb. 14, 2011 - PRLog -- E-mail security has been one of primary cause of concerns for individuals and organizations worldwide. Cybercriminals attempt to steal confidential user information by tricking unwary Internet users through schemes and attacks such as phishing, spear phishing, advance fee fraud, vishing, investment scam, work-from home scam e-mails, fake job offers, malicious links and attachments. Social media sites have provided another opportunity for attackers to send fake friend and member requests. Attackers may also compromise an e-mail account through brute force attacks. The popularity of Instant Messaging (IM) has also raised the threats of worms and viruses, which spread through IM. Attackers also exploit the tendency of many Internet users to use common passwords for multiple accounts.

Recently, Google launched an advanced sign-in security feature for Gmail. The feature introduces an additional layer of security. In addition to the normal password authentication process, users may opt-in for an additional verification step. Users have to set-up the two-step verification through the set-up wizard provided on the Account settings page. They have to provide a primary phone number and also create back up codes. Once enabled, Google will deliver a code to the provided phone number after the next log in through an automated call or an SMS message. Google also provides an option to self-generate the code through a mobile application on Android, iPhone or BlackBerry device. The company also offers an option to remember verification for 30 days.

The two-step verification process adds an additional layer of e-mail protection. Attackers attempting to breach an account would require access to e-mail address and password as well as the user’s phone to gain unauthorized access to e-mail account.Breach of corporate e-mail accounts may compromise privileged business information.

Organizations must conduct regular pen testing  to weed out the vulnerabilities in the IT infrastructure. IT professionals who have undertaken vulnerability assessment training  may help developers in identifying the weaknesses in applications and improve security.

Lack of security awareness is one of the major causes of breach of sensitive information such as e-mail and online accounts. Security firms and counter crime agencies must create awareness among the Internet users through e-learning programs. Internet users must have strong and separate passwords for different online accounts. The passwords must not contain any personally identifiable information. Adherence to cyber security tips may help users in reducing instances of e-mail breach.

Contact Press

EC-Council
Website:  http://www.eccouncil.org
Email:  iclass@eccouncil.org
Tel:  505-341-3228

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted security conferences.

# # #

iClass is EC- Council's online training delivery platform. Students can attend live, or recorded training sessions for courses such as Certified Ethical Hacker (CEH), Certified Security Analyst (ECSA) or Computer Hacking Forensic Investigator (CHFI).